February 01, 2024 8:00 PM
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event...
January 24, 2024 2:00 PM
Foundations is a foundational Rust library, designed to help scale programs for distributed, production-grade systems...
January 09, 2024 2:00 PM
Today, we’re releasing our 2024 API Security and Management Report. This blog introduces and is a supplement to the API Security and Management Report for 2024 where we detail exactly how we’re protecting our customers, and what it means for the future of API security...
December 18, 2023 2:00 PM
By editing or creating a new Turnstile widget with “Pre-Clearance” enabled, Cloudflare customers can now use Turnstile to issue a challenge when a page’s HTML loads, and enforce that all valid responses have a valid Turnstile token...
December 12, 2023 1:00 PM
The 2023 Cloudflare Radar Year in Review is our fourth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level......
October 16, 2023 5:53 PM
The DC-SCM (Datacenter-ready Secure Control Module) decouples server management from the server motherboard. It provides flexibility to implement multiple server management and security solutions with the same server motherboard design...
October 10, 2023 12:02 PM
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks...
October 10, 2023 12:02 PM
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
October 05, 2023 3:00 PM
Google announced a security issue in Chrome titled "Heap buffer overflow in WebP in Google Chrome." At first it seemed like just another bug, but has implications that extended well beyond Chrome....
October 03, 2023 12:55 PM
We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ...
October 02, 2023 1:00 PM
Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...
September 29, 2023 1:00 PM
Starting today, you can secure the connection between Cloudflare and your origin server with post-quantum cryptography...
September 29, 2023 1:00 PM
In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....
September 29, 2023 1:00 PM
Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use. ...
September 25, 2023 1:00 PM
Cloudflare has a lot of new roles, how should we use them, and how can we stay safe...
September 15, 2023 1:00 PM
We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...
August 21, 2023 2:15 PM
We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...
August 21, 2023 1:00 PM
Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...
August 09, 2023 1:00 PM
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
August 04, 2023 6:29 PM
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
