Cloudflare 2023 Year in Review
December 12, 2023 1:00 PM
The 2023 Cloudflare Radar Year in Review is our fourth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level......
Introducing the Project Argus Datacenter-ready Secure Control Module design specification
October 16, 2023 5:53 PM
The DC-SCM (Datacenter-ready Secure Control Module) decouples server management from the server motherboard. It provides flexibility to implement multiple server management and security solutions with the same server motherboard design...
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
October 10, 2023 12:02 PM
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected...
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
October 10, 2023 12:02 PM
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed...
Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
October 05, 2023 3:00 PM
Recently, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome." Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome...
MORE POSTS
October 02, 2023 1:00 PM
Birthday Week recap: everything we announced — plus an AI-powered opportunity for startups
Need a recap or refresher on all the big Birthday Week news this week? This recap has you covered...
- By
September 29, 2023 1:00 PM
Cloudflare now uses post-quantum cryptography to talk to your origin server
Starting today, you can secure the connection between Cloudflare and your origin server with post-quantum cryptography...
- By
September 29, 2023 1:00 PM
Detecting zero-days before zero-day
In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....
- By
September 29, 2023 1:00 PM
Cloudflare is free of CAPTCHAs; Turnstile is free for everyone
Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use. ...
- By
September 25, 2023 1:00 PM
Cloudflare account permissions, how to use them, and best practices
Cloudflare has a lot of new roles, how should we use them, and how can we stay safe...
- By
September 15, 2023 1:00 PM
Making Content Security Policies (CSPs) easy with Page Shield
We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...
- By
August 21, 2023 2:15 PM
Application Security Report: Q2 2023
We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...
- By
August 21, 2023 1:00 PM
An August reading list about online security and 2023 attacks landscape
Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...
- By
August 09, 2023 1:00 PM
Introducing per hostname TLS settings — security fit to your needs
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
- By
August 04, 2023 6:29 PM
Unmasking the top exploited vulnerabilities of 2022
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
- By
July 25, 2023 12:47 AM
How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data process...
- By
July 11, 2023 1:00 PM
Bring your own CA for client certificate validation with API Shield
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
- By
June 08, 2023 2:00 PM
Cloudflare Area 1 earns SOC 2 report
Many customers want assurance that the sensitive information they send to us can be kept safe. One of the best ways to provide this assurance is a SOC 2 Type II report...
- By
June 06, 2023 1:00 PM
Examining HTTP/3 usage one year on
With the HTTP/3 RFC celebrating its 1st birthday, we examined HTTP version usage trends between May 2022 - May 2023. We found that HTTP/3 usage by browsers continued to grow, but that search engine and social media bots continued to effectively ignore the latest version of the we...
- By