Stay secure online with the latest Cloudflare updates and insights in information security, protecting websites and networks from threats.
Search across headline titles and summaries.
Background for this topic.
Cloudflare is a web infrastructure and website security company that offers services aiming to enhance online security, performance, and reliability for website owners and users. Within information security, Cloudflare provides a suite of products that protect against various threats such as Distributed Denial of Service (DDoS) attacks, malicious bot activity, and data breaches.
The company operates a global network of data centers that work together to absorb and mitigate traffic spikes, filter harmful traffic, and ensure that legitimate visitors have uninterrupted access. Cloudflare's security services include features like the Web Application Firewall (WAF), secure DNS services, and SSL/TLS encryption to safeguard data in transit. In essence, it acts as a shield between the user's website and the rest of the internet, analyzing and screening out potential threats before they can cause harm.
Weekly headline count for the current query.
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was […]
Also: Rethinking SASE and AI's Impact on the Cyber WorkforceIn this week's panel, four ISMG editors discussed what the Musk vs. Altman trial exposed about OpenAI's governance program, how AI is reshaping the way enterprises think about security and why Cisco, Cloudflare, Arctic Wolf and other firms are redesigning their workforces for the AI era.
Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of StaffCloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-driven workflows and productivity gains. And Arctic Wolf laid off 250 workers from its estimated staff of 3,402 to free resources for investment in AI initiatives.
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security
Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location.…
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. [...]
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure
OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech Interview After Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for not disrupting pirate video streams, rival CDN provider Akamai’s CEO Dr. Tom Leighton fired back with what reads a lot like thinly veiled criticism.…
The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.
Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations.
Suggests rotten routing, not evidence of a cyber-strike before kinetic action Cloudflare has poured cold water on a theory that the USA’s incursion into Venezuela coincided with a cyberattack on telecoms infrastructure.…
Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…
Outage Briefly Took Down Zoom, LinkedIn and Other WebsitesContent delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare's web application firewall parses requests.
Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. [...]
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. [...]