Radware 2026 Global Threat Report Shows DDoS Attacks Jump 168% as Cyber Threats Escalate Across Networks and Applications

Rhea-AI Summary

Radware (NASDAQ: RDWR) released its 2026 Global Threat Analysis Report on Feb 19, 2026, showing a sharp escalation in cyberattacks across 2025.

Key findings: network DDoS attacks +168.2% YoY with peaks near 30 Tbps; web DDoS +101.4% YoY; application/API attacks +128% YoY; bad bot activity +91.8%.

Positive

• Network DDoS volume increased by 168.2% YoY
• Application and API attacks rose 128% YoY
• Web DDoS attacks grew 101.4% YoY
• Peak attack size reached nearly 30 Tbps
• Average Radware customer faced 25,351 network attacks (H2 2025)

Negative

• Bad bot activity rose 91.8% YoY
• Most Web DDoS attacks now last <60 seconds, reducing manual mitigation effectiveness
• Technology sector exposure jumped to 45% of network DDoS attacks (from 8.77%)
• North America accounted for 63.1% of network-layer DDoS attacks

Key Figures

Network DDoS increase: 168.2% YoY Peak DDoS volume: almost 30 Tbps Customer attack load: 25,351 attacks; 139/day +5 more

8 metrics

Network DDoS increase 168.2% YoY Network-layer DDoS attacks vs 2024

Peak DDoS volume almost 30 Tbps Peak network-layer DDoS attack volume in 2025

Customer attack load 25,351 attacks; 139/day Average network-layer DDoS attacks per Radware customer in H2 2025

Tech sector share 45% of attacks Share of network-layer DDoS attacks targeting technology sector in 2025

Web DDoS increase 101.4% YoY Change in Web DDoS attacks vs 2024

Web DDoS small attacks 94.4% Share of Web DDoS attacks under 100,000 requests per second

App/API attack growth 128% YoY Increase in malicious web application and API transactions

Bad bot activity 91.8% increase Year-over-year increase in bad bot activity

Market Reality Check

Price: $26.26 Vol: Volume 522,039 vs 20-day ...

high vol

$26.26 Last Close

Volume Volume 522,039 vs 20-day average 288,786, indicating elevated trading activity ahead of/around this report. high

Technical Price $26.26 trades above 200-day MA of $25.30 and about 16.82% below the 52-week high, while sitting 42.28% above the 52-week low.

Peers on Argus

RDWR fell 2.34% while close peers showed mixed moves (e.g., RPD +1.28%, ATEN -0....

RDWR fell 2.34% while close peers showed mixed moves (e.g., RPD +1.28%, ATEN -0.55%, VRNT/YEXT modestly positive, TIXT flat), suggesting stock-specific trading rather than a broad sector-driven move.

Historical Context

5 past events · Latest: Feb 13 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Feb 13	Share repurchase plan	Positive	+5.8%	Board authorized new $80M share repurchase plan through March 2027.
Feb 11	Earnings results	Positive	+5.4%	Record Q4 and FY2025 revenue and EPS with strong ARR growth.
Feb 10	Investor day announcement	Positive	+3.3%	Announcement of in-person Investor Day 2026 with executive presentations.
Feb 03	AI product launch	Positive	-1.6%	Launch of Agentic AI Protection security solution for autonomous AI agents.
Feb 02	Channel recognition	Positive	+1.6%	Executive named to CRN Channel Chiefs list for partner ecosystem growth.

Pattern Detected

Recent news has generally seen positive price alignment, with only one notable divergence on a product-launch headline.

Recent Company History

Over recent months, Radware has combined strong fundamentals with strategic initiatives. Record Q4 and FY2025 results on Feb 11 and an $80M share repurchase plan on Feb 13 both saw solid positive reactions. Investor-focused events like Investor Day 2026 and recognition of channel leadership also coincided with gains. A new Agentic AI security solution launch drew a modest negative move, marking a rare divergence. Against this backdrop, the 2026 Global Threat Analysis Report extends Radware’s positioning as a security thought leader.

Market Pulse Summary

This announcement highlights sharply rising cyber risk, with network-layer DDoS attacks up 168.2%, W...

Analysis

This announcement highlights sharply rising cyber risk, with network-layer DDoS attacks up 168.2%, Web DDoS up 101.4%, and malicious app/API transactions up 128%. It underscores Radware’s visibility into global traffic patterns and its focus on automated, AI-aware defenses. Set against recent record earnings, a new $80M buyback, and product innovation, the report reinforces Radware’s positioning in security analytics. Investors may track how these threat trends influence future demand and product development milestones.

Key Terms

ddos, osi model, api, credential stuffing, +1 more

5 terms

ddos technical

"Radware 2026 Global Threat Report Shows DDoS Attacks Jump 168%..."

A DDoS (distributed denial-of-service) attack is when many compromised computers or devices artificially flood a company's online systems with traffic so legitimate users cannot access websites, apps, or services. For investors, DDoS episodes can disrupt sales, damage customer trust, and expose weaknesses in a company's security — like a traffic jam that shuts down a city's main highway, revealing costs and operational risks that can affect revenue and stock value.

osi model technical

"Network-layer DDoS attacks, targeting layer 3 and 4 of the OSI model..."

A conceptual framework that breaks computer network communication into seven stacked layers, from physical wires and signals up to user-facing applications, used to describe how data moves and where problems or features sit. For investors, it helps identify which part of networking technology a company works on—like the ‘postal truck’ (transport), the ‘addressing system’ (networking), or the ‘envelope format’ (presentation)—so you can assess product fit, interoperability, security exposures, and where revenue or risk may arise.

api technical

"Malicious web application and API transactions rose 128% year over year..."

An API, or Application Programming Interface, is a set of rules that allows different software programs to communicate and work together smoothly, much like a waiter translating your order into the kitchen and then bringing your meal back. For investors, APIs are important because they enable real-time access to financial data, trading systems, and other digital services, making it easier to make informed decisions quickly and efficiently.

credential stuffing technical

"enabled large-scale credential stuffing, scraping and account takeover campaigns."

Attackers take lists of stolen usernames and passwords from one breach and try them on many other accounts, hoping users reused the same credentials—like trying the same key in dozens of locks. For investors, successful credential stuffing can lead to customer account takeovers, financial losses, regulatory fines, reputational damage and higher security costs, all of which can hurt revenue and share value.

account takeover technical

"enabled large-scale credential stuffing, scraping and account takeover campaigns."

An account takeover occurs when an unauthorized person gains control of a customer or company account—such as banking, trading, email, or user portals—usually by stealing passwords or bypassing security. It matters to investors because these incidents can cause direct financial loss, damage trust and brand value, trigger regulatory fines, and reveal weaknesses in a company’s controls; think of it like someone stealing the key to a mailbox and rifling through bills and instructions.

AI-generated analysis. Not financial advice.

Primary driver of DDoS activity remains geopolitical and ideological conflict

AI-Driven Bot Attacks Accelerate Worldwide

MAHWAH, N.J., Feb. 19, 2026 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its 2026 Global Threat Analysis Report, revealing a dramatic escalation in cyberattack activity across both network and application layers throughout 2025. The new report, based on comprehensive analysis of data from Radware’s cloud and managed security services and threat intelligence research teams, highlights the increasing sophistication, speed and scale of threats facing organizations worldwide.

In the 2026 report:

DDoS Attack Volume Skyrockets

Network-layer DDoS attacks, targeting layer 3 and 4 of the OSI model, increased 168.2% year over year, with peak attack volumes reaching almost 30 Tbps, signaling a resurgence of brute-force volumetric attacks.

• Attack Volume: In the second half of 2025, the average Radware customer experienced more than 25,351 network-layer DDoS attacks, an average of 139 attacks per day, driving the sharp year-over-year increase.
• Industry Targets: Technology, telecommunications and financial services were the most targeted sectors, together accounting for the majority of large-scale network DDoS campaigns. The technology sector alone represented 45% of all network-layer DDoS attacks, up sharply from 8.77% in 2024.
• Geographic Targets: North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).
  
  

Web DDoS Activity Surges

Web DDoS attacks, targeting layer 7 of the OSI model, climbed 101.4% compared to 2024, reflecting a dramatic rise in application-layer disruption campaigns. Most high-impact Web DDoS attacks now last less than 60 seconds, making manual mitigation and human-in-the-loop defenses increasingly ineffective.

• Attack Volume: 94.4% of Web DDoS attacks measured under 100,000 requests per second, highlighting a shift toward smaller, more frequent and persistent attacks designed to evade traditional detection thresholds.
• Industry Targets: Online services, financial services and retail organizations experienced the highest volumes of Web DDoS activity, reflecting attackers’ focus on revenue-generating digital platforms and customer-facing services.
• Geographic Targets: EMEA remained the most targeted region, accounting for 57% of all Web DDoS attacks globally, while APAC experienced the fastest growth, with Web DDoS attacks in the region surging 485% year over year.
  
  

Application and API Attacks Accelerate

Malicious web application and API transactions rose 128% year over year, confirming the application layer as the primary battleground for modern cyberattacks.

• Attack Volume: Vulnerability exploitation accounted for 41.8% of observed application-layer attacks, rising to nearly 58% in Q4 2025, as attackers shifted away from commoditized techniques toward vulnerability exploitation, business logic and API abuse.
• Industry Targets: Technology-driven organizations with extensive API ecosystems — including SaaS providers, cloud platforms and fintech firms — faced the highest levels of application-layer exploitation.
• Geographic Targets: North America and EMEA together accounted for the majority of malicious application and API traffic, reflecting dense concentrations of exposed digital services.
  
  

AI-Powered and Automated Threats on the Rise

Bad bot activity increased 91.8%, fueled by generative AI tools that have lowered the barrier to entry for attackers and enabled large-scale credential stuffing, scraping and account takeover campaigns.

• Attack Volume: In just the first six months of 2025, bad bot activity reached 89.2% of the total volume observed across all of 2024, underscoring the explosive growth of automated threats.
• Geographic Targets: North America accounted for 40.7% of malicious bot transactions, followed by APAC (25%), EMEA (19.1%) and Central and Latin America (15.2%).

Hacktivism: A Persistent Threat

Beyond the technical evolution of attacks, a primary driver of DDoS activity remains geopolitical and ideological conflict. In 2025, hacktivist targeting remained sustained and evolved into a persistent, high-volume threat.

• Regional Concentration: Europe bore the brunt, accounting for 48.4% of all claimed attacks, significantly outpacing the Middle East (17.7%) and Asia (17.5%).
• Nation and Industry Targets: The highest volumes of claimed attacks were directed at Israel (12.2%), the United States (9.4%), and Ukraine (8.9%) with government services the primary target at 38.8% of all claimed attacks.
• Most Active Threat Actor: The group NoName057 (16) set yet another historical record by claiming 4,693 attacks, solidifying its position as the most active hacktivist entity in history.
  
  

“The threat landscape continues to evolve with unprecedented speed and complexity,” said Pascal Geenans, vice president of threat intelligence at Radware. “Our 2026 Global Threat Analysis Report underscores how attackers are leveraging automation, AI and multi-vector strategies to disrupt operations at scale. Organizations must adopt resilient, automated defenses capable of responding in seconds — not minutes — to stay ahead in this environment.”

Radware’s complete 2026 Global Threat Analysis Report can be downloaded here.

Radware Webinar on 2026 Global Threat Analysis Report

Radware will host a webinar on March 19, 2026, 2026 Global Threat Analysis Report: Analysis of the Global Network and Application Attack Trends of 2025 where Pascal Geenans, vice president of threat intelligence at Radware will discuss the report.

Security leaders and researchers are invited to attend and explore the report and its data on cyberattack activity throughout 2026.

Radware conducts threat research on behalf of the wider cybersecurity community, ensuring security professionals have the same insights as attackers. The complete research, including technical breakdowns and defense recommendations, will be available at Radware’s Security Research Center following the webinar.

About Radware

Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

©2026 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND THE RADWARE 2026 GLOBAL THREAT ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement

This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that organizations must adopt resilient, automated defenses capable of responding in seconds — not minutes — to stay ahead in this environment, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Media Contact:
Gina Sorice
Radware
GinaSo@radware.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/f106491e-5b23-4938-88e3-01bd6f6813b7

FAQ

What did Radware (RDWR) report about DDoS growth in the 2026 Global Threat Report?

Network-layer DDoS attacks rose 168.2% year-over-year, signaling a major volumetric resurgence. According to the company, peak attacks approached 30 Tbps and average customers saw 25,351 network attacks in H2 2025.

How much did web (layer 7) DDoS activity increase according to Radware's Feb 19, 2026 report?

Web DDoS attacks increased 101.4% year-over-year, with most high-impact events under 60 seconds. According to the company, 94.4% of web attacks were under 100,000 requests/sec, favoring shorter, frequent disruptions.

What rise in application and API attacks did Radware (RDWR) document for 2025?

Malicious application and API traffic climbed 128% year-over-year, marking the application layer as the primary battleground. According to the company, vulnerability exploitation made up 41.8% of attacks, rising to nearly 58% in Q4 2025.

How did bad bot activity change in 2025 in Radware's 2026 report?

Bad bot activity increased 91.8% year-over-year, driven by generative AI and automation. According to the company, bot traffic in H1 2025 reached 89.2% of total 2024 volume, enabling large-scale credential stuffing and scraping.

Which sectors and regions were most targeted in Radware's 2026 Global Threat Report?

Technology, telecommunications and financial services faced the most network DDoS campaigns; North America led regionally. According to the company, technology accounted for 45% of network attacks and North America for 63.1% of network-layer DDoS attacks.