HTTP/2 Rapid Reset: deconstructing the record-breaking attack
October 10, 2023
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks...
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
October 10, 2023
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
October 05, 2023
Google announced a security issue in Chrome titled "Heap buffer overflow in WebP in Google Chrome." At first it seemed like just another bug, but has implications that extended well beyond Chrome....
Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network
October 03, 2023
We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ...
Birthday Week recap: everything we announced — plus an AI-powered opportunity for startups
October 02, 2023
Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...
MORE POSTS
September 29, 2023
Detecting zero-days before zero-day
In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....
- By
September 29, 2023
Cloudflare is free of CAPTCHAs; Turnstile is free for everyone
Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use. ...
- By
September 25, 2023
Cloudflare account permissions, how to use them, and best practices
Cloudflare has a lot of new roles, how should we use them, and how can we stay safe...
- By
September 15, 2023
Making Content Security Policies (CSPs) easy with Page Shield
We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...
- By
August 21, 2023
Application Security Report: Q2 2023
We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...
- By
August 21, 2023
An August reading list about online security and 2023 attacks landscape
Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...
- By
August 09, 2023
Introducing per hostname TLS settings — security fit to your needs
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
- By
August 04, 2023
Unmasking the top exploited vulnerabilities of 2022
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
- By
July 25, 2023
How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data process...
- By
July 11, 2023
Bring your own CA for client certificate validation with API Shield
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
- By
June 08, 2023
Cloudflare Area 1 earns SOC 2 report
Many customers want assurance that the sensitive information they send to us can be kept safe. One of the best ways to provide this assurance is a SOC 2 Type II report...
- By
June 06, 2023
Examining HTTP/3 usage one year on
With the HTTP/3 RFC celebrating its 1st birthday, we examined HTTP version usage trends between May 2022 - May 2023. We found that HTTP/3 usage by browsers continued to grow, but that search engine and social media bots continued to effectively ignore the latest version of the we...
- By
May 18, 2023
Announcing Cloudflare Secrets Store
Introducing Secrets Store by Cloudflare - the ultimate solution for managing your application secrets securely. Safeguard sensitive information, track access, and maintain ease of use....
- By
May 18, 2023
How to secure Generative AI applications
Earn best practices for securing generative AI applications based on Cloudflare's experience protecting some of the largest AI applications in the world...
- By