MORE POSTS
February 15, 2024 2:00 PM
Safeguarding your brand identity: Logo Matching for Brand Protection
Brand Protection's Logo Matching feature enables users to upload an image of the user’s logo or other brand image. The system scans URLs to discover matching logos and then presents the results for users to review...
February 01, 2024 8:00 PM
Thanksgiving 2023 security incident
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event...
January 24, 2024 2:00 PM
Introducing Foundations - our open source Rust service foundation library
Foundations is a foundational Rust library, designed to help scale programs for distributed, production-grade systems...
January 09, 2024 2:00 PM
Introducing Cloudflare’s 2024 API security and management report
Today, we’re releasing our 2024 API Security and Management Report. This blog introduces and is a supplement to the API Security and Management Report for 2024 where we detail exactly how we’re protecting our customers, and what it means for the future of API security...
December 18, 2023 2:00 PM
Integrating Turnstile with the Cloudflare WAF to challenge fetch requests
By editing or creating a new Turnstile widget with “Pre-Clearance” enabled, Cloudflare customers can now use Turnstile to issue a challenge when a page’s HTML loads, and enforce that all valid responses have a valid Turnstile token...
December 12, 2023 1:00 PM
Cloudflare 2023 Year in Review
The 2023 Cloudflare Radar Year in Review is our fourth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level across a variety of traffic, connectivity, and speed metrics, based on data from Cloudflare’s network...
October 16, 2023 5:53 PM
Introducing the Project Argus Datacenter-ready Secure Control Module design specification
The DC-SCM (Datacenter-ready Secure Control Module) decouples server management from the server motherboard. It provides flexibility to implement multiple server management and security solutions with the same server motherboard design...
October 10, 2023 12:02 PM
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected...
October 10, 2023 12:02 PM
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
October 05, 2023 3:00 PM
Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
Recently, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome." Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended wel...
October 03, 2023 12:55 PM
Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network
We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ...
October 02, 2023 1:00 PM
Birthday Week recap: everything we announced — plus an AI-powered opportunity for startups
Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...
September 29, 2023 1:00 PM
Cloudflare now uses post-quantum cryptography to talk to your origin server
Starting today, you can secure the connection between Cloudflare and your origin server with post-quantum cryptography...
September 29, 2023 1:00 PM
Detecting zero-days before zero-day
In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....