Project Galileo mitigated 38.5 billion cyber threats in a year as attacks on journalists, human rights groups and civil society organizations continue to intensify
Dubai, UAE – June, 2026 – On the twelfth anniversary of Project Galileo, Cloudflare today released its annual report, Defending the Front Line: Insights from a Year of Protecting Civil Society, highlighting the growing cybersecurity threats facing vulnerable organizations around the world. The findings reveal a rapidly expanding attack surface driven by geopolitical tensions, elections, civic unrest, and increasingly sophisticated cybercrime targeting organizations that often operate with limited resources.
Project Galileo provides free cybersecurity protection to more than 3,400+ internet properties across 130+ countries, helping defend journalists, human rights advocates, independent media, environmental organizations, and humanitarian groups from cyberattacks.
The report found that civil society organizations in every region and sector experienced cyberattacks during the reporting period, underscoring the growing digital risks facing groups that play a critical role in supporting democracy, accountability, and public welfare.
Key Findings:
- Distributed-denial-of-service (DDoS) attacks were the most common cyber threat against civil society organizations protected under Project Galileo, accounting for 81.7% of all malicious traffic. Their defining feature was duration. While most DDoS attacks Cloudflare mitigated for its customers were over within minutes, nearly every one of the largest attacks against civil society lasted longer, with some spanning into days and weeks. The Iraq-based digital rights organization Tech4Peace experienced an eight-day long DDoS attack that featured 2.6 billion malicious traffic requests.
- On average, Cloudflare blocked a malicious request probing a media organization every seven seconds. In general, civil society organizations faced attempts to exploit security vulnerabilities in websites at a rate more than seven times higher than other Cloudflare customers. Media organizations, including journalists, were the most frequently targeted, receiving 40.5% of attacks, despite making up only 22.7% of the underlying population.
- Journalists operating in exile faced a rate of malicious traffic that was nearly four times higher than journalism organizations overall. Attacks were concentrated against a few targets. In December 2025, elTOQUE, a Cuban media outlet operating in exile, faced a DDoS attack that the organization believes was an intentional effort to limit access to a tracker comparing the Cuban peso with foreign currencies.
- Nearly 10 percent of all emails Cloudflare processed for civil society included potential phishing material. Compared to other Cloudflare customers, civil society faced a higher concentration of malicious emails intended to gain unauthorized access. Traditional authentication protocols alone left civil society organizations exposed. Nearly one in three emails that contained malicious content bypassed standard authentication methods but were identified by more sophisticated phishing detection tools provided by Cloudflare.
- Cloudflare identified 183 Internet disruptions across its global network, 85 of which public reporting has attributed to government action. The restrictions coincided with periods of elections, protests, and student exams. In countries like Iran and Uganda, civil society organizations reported that shutdowns disrupted their ability to reach affected communities, document abuses, and share independent information.
“The Middle East and Africa region continues to experience rapid digital transformation, but that progress also brings increased exposure to cyber threats,” said Ercan Aydin, AVP, Middle East, Türkiye and Africa at Cloudflare. “Organizations supporting independent journalism, digital rights, humanitarian initiatives, and public-interest causes are increasingly operating in complex threat environments. The findings from this year’s Project Galileo report reinforce the importance of ensuring these organizations have access to enterprise-grade cybersecurity protections, enabling them to continue serving communities, safeguarding information, and supporting social and economic development across the region.”
The report also highlights examples from the Middle East, including sustained attacks against Iraq-based digital rights organization Tech4Peace, which experienced multiple DDoS campaigns linked to high-profile publications and fact-checking efforts.
As cyber threats continue to evolve, Cloudflare remains committed to helping civil society organizations build resilience against attacks that seek to silence voices, disrupt services, and undermine access to information.
About Project Galileo:
Launched in 2014, Project Galileo provides free cybersecurity protection to vulnerable public-interest organizations around the world. The initiative supports organizations working in areas such as human rights, journalism, environmental protection, humanitarian aid, and democracy-building by helping defend them against cyberattacks and online threats.
About Cloudflare:
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Forward-Looking Statements:
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s Workers developer platform and other products technology and VoidZero‘s products and technology, the benefits to Cloudflare’s customers from using Cloudflare’s Workers developer platform and other products technology and VoidZero‘s products and technology, the timing of when Cloudflare’s Workers developer platform and VoidZero’s products and technology and or any of their related features will be fully integrated and generally available to all current and potential Cloudflare customers, the potential timing of the closing of Cloudflare’s acquisition of VoidZero, Cloudflare’s plans and objectives for, and the timing of, the integration of VoidZero’s products and technology into Cloudflare’s Workers developer platform, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on May 8, 2026, as well as other filings that Cloudflare may make from time to time with the SEC.
The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.
