Vulnerabilities
Cloudflare
Tue Jul 09 2024
RADIUS/UDP vulnerable to improved MD5 collision attack
The RADIUS protocol is commonly used to control administrative access to networking gear.
CDNJS
Wed Jun 26 2024
Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
polyfill.
Cloud-Email-Security
Thu May 30 2024
Disrupting FlyingYeti's campaign targeting Ukraine
Bug-Bounty
Thu Mar 14 2024
Mitigating a token-length side-channel attack in our AI products
The Workers AI and AI Gateway team recently collaborated closely with security researchers at Ben Gurion University regarding a report submi...
Security-Week
Wed Mar 06 2024
Eliminate VPN vulnerabilities with Cloudflare One
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an Emergency Directive due to the Ivanti Connect Secure and Policy...
DNSSEC
Thu Feb 29 2024
Remediating new DNSSEC resource exhaustion vulnerabilities
Cloudflare recently fixed two critical DNSSEC vulnerabilities: CVE-2023-50387 and CVE-2023-50868.
Tue Jan 23 2024
How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability
Cloudforce-One
Sat Oct 14 2023
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information
DDoS
Tue Oct 10 2023
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Security
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks.
Thu Oct 05 2023
Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
Recently, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome.
WAF
Fri Aug 04 2023
Unmasking the top exploited vulnerabilities of 2022
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities ...
Hardware
Tue Jul 25 2023
How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today.
Cloudflare-Images
Mon Jul 10 2023
How Cloudflare Images addressed the aCropalypse vulnerability
Customers using Cloudflare Images or Image Resizing products are protected against the aCropalypse vulnerability.
Bug-Bounty-Program
Dropbox
Tue Sep 20 2022
Defending against SSRF attacks (with help from our bug bounty program)
