October 10, 2023
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
October 05, 2023
Google announced a security issue in Chrome titled "Heap buffer overflow in WebP in Google Chrome." At first it seemed like just another bug, but has implications that extended well beyond Chrome....
October 03, 2023
We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ...
October 02, 2023
Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...
September 29, 2023
Starting today, you can secure the connection between Cloudflare and your origin server with post-quantum cryptography...
September 29, 2023
Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use. ...
September 25, 2023
Cloudflare has a lot of new roles, how should we use them, and how can we stay safe...
September 15, 2023
We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...
August 21, 2023
We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...
August 21, 2023
Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...
August 09, 2023
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
August 04, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
July 25, 2023
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data process...
July 11, 2023
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
June 08, 2023
Many customers want assurance that the sensitive information they send to us can be kept safe. One of the best ways to provide this assurance is a SOC 2 Type II report...
June 06, 2023
With the HTTP/3 RFC celebrating its 1st birthday, we examined HTTP version usage trends between May 2022 - May 2023. We found that HTTP/3 usage by browsers continued to grow, but that search engine and social media bots continued to effectively ignore the latest version of the we...
May 18, 2023
Introducing Secrets Store by Cloudflare - the ultimate solution for managing your application secrets securely. Safeguard sensitive information, track access, and maintain ease of use....
May 18, 2023
Earn best practices for securing generative AI applications based on Cloudflare's experience protecting some of the largest AI applications in the world...
April 25, 2023
Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...
