29 December 2025

Corero Network Security plc

("Corero" or the "Company")

2025 Product and Industry Update

Corero (AIM: CNS) (OTCQX: DDOSF), the distributed denial of service ("DDoS") protection specialists and champion of adaptive, real-time service availability, issues the following update from Chief Executive Office, Carl Herberger, on Corero's product development and DDoS industry trends in 2025.

Dear Shareholders,

This year, we saw a shift that many in our industry had been sensing for some time. Even the most sophisticated operators, including Microsoft, Cloudflare, and AWS, experienced outages that exposed how deeply interconnected and vulnerable modern digital infrastructure has become. These were not outliers or isolated events. They were reminders that the very nature of DDoS attacks has changed, and that many defences were built for a world that no longer exists.

What stood out the most this year was not just the size of attacks, but how they were orchestrated. Most were small, under 1 Gbps, persistent, and deliberately designed to slip past traditional detection thresholds, while others were multi-vector, encrypted, and coordinated across systems. In both cases, the goal was the same: degrade service quietly under the radar and exhaust firewall resources over time.

We have heard this story repeatedly from customers. Legacy tools react too late, cannot see into encrypted traffic, and struggle at the application layer. When attacks come from multiple directions at once, coordination breaks down. This is the kind of environment Corero's platform, anchored by SmartWall ONE™, was built for, and in 2025 it became increasingly clear that effective DDoS protection depends on always-on visibility, coordination across layers, and mitigation that happens before services degrade.

Platform Evolution

The most important shift this year was not the result of a single Corero product release, but how customers used our platform and what they asked us to become. They did not just want help stopping large traffic spikes. They wanted visibility where they had none before, protection that extended into encrypted and application-layer traffic, and automation that could respond faster than human teams ever could. That demand shaped everything we delivered this year.

We added transport layer security ("TLS") protection so customers could see inside encrypted traffic without sacrificing performance. We introduced Zero Trust Admission Control to stop credential abuse before it ever reached applications or VPNs. We expanded our security application capabilities (AppSec), and we made SmartWall ONE easier to deploy through bare-metal and commercial off-the-shelf ("COTS") options that removed procurement friction. Together, these advances moved SmartWall ONE from a point solution to a more comprehensive security platform.

The year also highlighted where we must continue to improve. Customers want broader application-layer controls, deeper cloud-native integrations, and simpler ways to consume security across hybrid environments. These conversations directly informed early deployments of our CORE platform and will shape how we grow Corero-powered protection in 2026.

These customer priorities will guide us over the next 12 to 24 months to make SmartWall ONE even more central to customer operations by deepening automation so the platform adapts faster than attackers evolve, with the goal of becoming the security layer customers cannot operate without.

We enter 2026 with a stronger platform, and a strategy sharpened by the realities of the past year. Our vision is clear: Corero becomes the operational resilience layer for modern networked environments.

Warm regards,

Carl Herberger

Chief Executive Officer

Corero Network Security

Enquiries:

About Corero Network Security

Corero Network Security is a leading provider of DDoS protection solutions, specialising in automatic detection and protection solutions with network visibility, analytics, and reporting tools. Corero's technology protects against external and internal DDoS threats in complex edge and subscriber environments, ensuring internet service availability. With operational centres in Marlborough, Massachusetts, USA, and Edinburgh, UK, Corero is headquartered in London and listed on the London Stock Exchange's AIM market (ticker: CNS) and the US OTCQX Market (OTCQX: DDOSF).

For more information, visit www.corero.com, and follow us on LinkedIn and X.

About Reach announcements

Reach is an investor communication service aimed at assisting listed and unlisted (including AIM quoted) companies to distribute media only / non-regulatory news releases such as marketing messages, corporate and product information into the public domain. An RNS Regulatory announcement is required to be notified under the AIM Rules for Companies.