Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors
Makers of Chrome, Edge, Firefox back bot-fraud defense called Private Access Control Tokens
Stay secure online with the latest Cloudflare updates and insights in information security, protecting websites and networks from threats.
Search across headline titles and summaries.
Background for this topic.
Cloudflare operates a global content delivery and security network that sits between internet users and websites or services. It provides distributed denial-of-service (DDoS) mitigation, web application firewall (WAF) capabilities, and secure DNS resolution, helping to filter malicious traffic and improve site availability. By proxying traffic through its edge servers, Cloudflare can inspect, block, or rate-limit requests based on threat intelligence and configured security policies.
From an information security perspective, Cloudflare’s platform introduces critical considerations around trust and attack surface. Organizations relying on it must monitor for vulnerabilities in its software stack and configuration errors that could expose sensitive data or allow bypass of protections. Additionally, Cloudflare’s role as a traffic intermediary means that any compromise or misconfiguration could impact confidentiality and integrity of data in transit, making careful management of encryption and access controls essential.
Weekly headline count for the current query.
Makers of Chrome, Edge, Firefox back bot-fraud defense called Private Access Control Tokens
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location.…
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech Interview After Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for not disrupting pirate video streams, rival CDN provider Akamai’s CEO Dr. Tom Leighton fired back with what reads a lot like thinly veiled criticism.…
Suggests rotten routing, not evidence of a cyber-strike before kinetic action Cloudflare has poured cold water on a theory that the USA’s incursion into Venezuela coincided with a cyberattack on telecoms infrastructure.…
Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-shattering DDoS barrages from an army of up to 4 million infected machines.…
PLUS: Manga publishers win Cloudflare copyright case; India, EU to link payment systems; Storm over Australia’s weather website; And more! Asia In Brief Infosys co-founder Narayana Murthy has suggested Indian citizens should work even longer, suggesting his previous target of 70-hour weeks could climb to 72.…
Dashboard loop caused API outage that was hard to troubleshoot Cloudflare has confessed to a coding error using a React useEffect hook, notorious for being problematic if not handled carefully, that caused an outage for the platform's dashboard and many of its APIs.…
Meanwhile the victim count grows The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.…
Show of hands: who WASN'T targeted? The list of victims keeps growing, as yet another company — Cloudflare — today disclosed that some of its customers' data was also compromised in the Salesloft Drift breach.…
PLUS: Comet AI browser fooled; Microsoft sets sail for quantum safety; Sailor sent down for espionage Infosec in brief PLUS…
Phishing, Python and RATs, oh my A sneaky malware campaign slithers through Cloudflare tunnel subdomains to execute in-memory malicious code and give unknown attackers long-term access to pwned machines.…
Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Infosec in brief Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…
Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was 'minimal' The Danish military has confirmed it is tracking a Chinese ship that is under investigation after two optical fiber internet cables under the Baltic Sea were damaged, an situation German Defense Minister Boris Pistorius insists was "sabotage."…
Allowed access to 150k cameras, some in sensitive spots, but has been done for spamming Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC) – but the payment won’t make good its past security failings, including a blunder that led to CCTV footage of Tesla, Cloudflare, and others being snooped on. Instead, the fine is about spam.…
Immerse is Cloudflare’s premier annual conference in Southeast Asia Partner Content Cloudflare is excited to present Immerse, our flagship event designed to connect attendees directly with the ideas, technologies and business leaders driving network and security transformation.…
Take a deep dive into the world of emerging cyber threats and defense strategies with Cloudflare Webinar In a world where cyber threats are continually evolving, staying informed is critical for IT and security professionals.…
Explore the latest trends in cybersecurity with expert insight from Cloudflare Webinar As cyber threats grow more sophisticated, staying informed is crucial for IT professionals.…
Leaves a trail of ransomware infections, data theft, business email compromise in its wake Insight The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools offering criminals who lack actual technical expertise to get into the digital thievery biz.…