Cloudflare says new hCaptcha bypass doesn’t impact its implementation

Academics said their attack worked with a 95.93% accuracy rate and took around 18.76 seconds on average to crack an hCaptcha challenge.

But while machine learning-based attacks on image-based CAPTCHA solutions have been discovered before, the major breakthrough in this paper is that the research team achieved this with minimal computational resources — with the attack rig consisting of a simple Docker container running Ubuntu OS, configured with a 3-core CPU and only 2GB of memory.