Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months
Stay secure online with the latest Cloudflare updates and insights in information security, protecting websites and networks from threats.
Search across headline titles and summaries.
Background for this topic.
Cloudflare operates a global content delivery and security network that sits between internet users and websites or services. It provides distributed denial-of-service (DDoS) mitigation, web application firewall (WAF) capabilities, and secure DNS resolution, helping to filter malicious traffic and improve site availability. By proxying traffic through its edge servers, Cloudflare can inspect, block, or rate-limit requests based on threat intelligence and configured security policies.
From an information security perspective, Cloudflare’s platform introduces critical considerations around trust and attack surface. Organizations relying on it must monitor for vulnerabilities in its software stack and configuration errors that could expose sensitive data or allow bypass of protections. Additionally, Cloudflare’s role as a traffic intermediary means that any compromise or misconfiguration could impact confidentiality and integrity of data in transit, making careful management of encryption and access controls essential.
Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months