On the twelfth anniversary of Project Galileo, Cloudflare released its annual report, Defending the Front Line: Insights from a Year of Protecting Civil Society, highlighting the growing cybersecurity threats facing vulnerable organizations around the world. The findings reveal a rapidly expanding attack surface driven by geopolitical tensions, elections, civic unrest, and increasingly sophisticated cybercrime targeting organizations that often operate with limited resources.
Project Galileo provides free cybersecurity protection to more than 3,400+ internet properties across 130+ countries, helping defend journalists, human rights advocates, independent media, environmental organizations, and humanitarian groups from cyberattacks.
The report found that civil society organizations in every region and sector experienced cyberattacks during the reporting period, underscoring the growing digital risks facing groups that play a critical role in supporting democracy, accountability, and public welfare.
Key Findings
- Distributed-denial-of-service (DDoS) attacks were the most common cyber threat against civil society organizations protected under Project Galileo, accounting for 81.7% of all malicious traffic. Their defining feature was duration. While most DDoS attacks Cloudflare mitigated for its customers were over within minutes, nearly every one of the largest attacks against civil society lasted longer, with some spanning into days and weeks. The Iraq-based digital rights organization Tech4Peace experienced an eight-day long DDoS attack that featured 2.6 billion malicious traffic requests.
- On average, Cloudflare blocked a malicious request probing a media organization every seven seconds. In general, civil society organizations faced attempts to exploit security vulnerabilities in websites at a rate more than seven times higher than other Cloudflare customers. Media organizations, including journalists, were the most frequently targeted, receiving 40.5% of attacks, despite making up only 22.7% of the underlying population.
- Journalists operating in exile faced a rate of malicious traffic that was nearly four times higher than journalism organizations overall. Attacks were concentrated against a few targets. In December 2025, elTOQUE, a Cuban media outlet operating in exile, faced a DDoS attack that the organization believes was an intentional effort to limit access to a tracker comparing the Cuban peso with foreign currencies.
- Nearly 10 percent of all emails Cloudflare processed for civil society included potential phishing material. Compared to other Cloudflare customers, civil society faced a higher concentration of malicious emails intended to gain unauthorized access. Traditional authentication protocols alone left civil society organizations exposed. Nearly one in three emails that contained malicious content bypassed standard authentication methods but were identified by more sophisticated phishing detection tools provided by Cloudflare.
- Cloudflare identified 183 Internet disruptions across its global network, 85 of which public reporting has attributed to government action. The restrictions coincided with periods of elections, protests, and student exams. In countries like Iran and Uganda, civil society organizations reported that shutdowns disrupted their ability to reach affected communities, document abuses, and share independent information.
“The Middle East and Africa region continues to experience rapid digital transformation, but that progress also brings increased exposure to cyber threats,” said Ercan Aydin, AVP, Middle East, Türkiye and Africa at Cloudflare. “Organizations supporting independent journalism, digital rights, humanitarian initiatives, and public-interest causes are increasingly operating in complex threat environments. The findings from this year’s Project Galileo report reinforce the importance of ensuring these organizations have access to enterprise-grade cybersecurity protections, enabling them to continue serving communities, safeguarding information, and supporting social and economic development across the region.”
The report also highlights examples from the Middle East, including sustained attacks against Iraq-based digital rights organization Tech4Peace, which experienced multiple DDoS campaigns linked to high-profile publications and fact-checking efforts.
As cyber threats continue to evolve, Cloudflare remains committed to helping civil society organizations build resilience against attacks that seek to silence voices, disrupt services, and undermine access to information.