2026-03-09 14:00
🚨 We have disclosed request smuggling vulnerabilities in the Pingora open source framework, specifically when used as an ingress proxy. The vulnerabilities, identified as CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, were responsibly reported by Rajat Raghav through our Bug Bounty Program. No impact was detected on Cloudflare’s CDN or customer traffic, but users of standalone Pingora deployments should upgrade to version 0.8.0 for fixes and hardening. For details on how these...
Source: Cloudflare Blog
Andrew Hauck
2026-03-09 06:00
🌐 Cloudflare partners TachTech and Adapture are revolutionizing SASE migrations, cutting timelines from 18 months to just 6 weeks. By treating security as software, they are enhancing the deployment process for global enterprises. This shift eliminates the complexities often tied to legacy systems. Key strategies include leveraging identity-first on-ramps and consolidated policy engines for a faster transition. 📈 #Cloudflare #SASE #ZeroTrust #Cybersecurity #TechInnovation
Source: Cloudflare Blog
Warnessa Weaver
2026-03-06 14:00
🌐 Cloudflare One is enhancing data security by unifying controls from endpoint to prompt. This approach addresses the critical question of where sensitive data resides and who can access it. Key updates include clipboard controls for browser-based RDP and on-device data loss prevention. These features ensure visibility, control, and enforcement across all data interactions. 🔒💻 #DataSecurity #CloudflareOne #CyberSecurity #EndpointProtection #AIProtection
Source: Cloudflare Blog
Alex Dunbrack
2026-03-05 14:00
🌐 Cloudflare has enhanced its One Client with Dynamic Path MTU Discovery, transforming how packet sizes are managed. This update addresses the common "PMTUD Black Hole" issue, which occurs when packets exceed network limits without clear feedback. The client now adjusts packet sizes actively, ensuring stable connections across diverse networks. This advancement supports modern security needs while adapting to legacy infrastructure challenges. 🔒💻 #Cloudflare #NetworkSecurity #MTU #TechUpdate...
Source: Cloudflare Blog
Todd Murray
2026-03-05 06:00
🚀 Exciting improvements in Cloudflare's One Client! By transitioning to QUIC streams for Proxy Mode, the team has doubled throughput and significantly reduced latency. This change addresses common user frustrations like slow browsing and file transfers. The revamped architecture eliminates the inefficiencies of the previous user-space TCP stack, enhancing performance for media-heavy sites. #Cloudflare #SASE #QUIC #ProxyMode #TechInnovation
Source: Cloudflare Blog
Gregor Maier
2026-03-05 06:00
🚀 Automatic Return Routing (ARR) addresses the challenge of overlapping private IP addresses in enterprise networks. This new tool from Cloudflare One uses stateful flow tracking to ensure return traffic reaches the correct origin tunnel, eliminating the need for manual NAT or complex VRF configurations. ARR is designed for common scenarios like mergers, extranet connections, and cookie-cutter architectures, making it easier for overlapping networks to coexist. #Cloudflare #Networking...
Source: Cloudflare Blog
Thea Heinen
2026-03-04 15:00
🔒 Cloudflare is enhancing web security with its new Attack Signature Detection and Full-Transaction Detection features. These innovations eliminate the trade-off between logging and blocking modes in traditional WAFs. By analyzing both requests and responses, Cloudflare can reduce false positives and identify threats more effectively. Attack Signature Detection is now available in Early Access, while Full-Transaction Detection is in development. This always-on framework ensures continuous...
Source: Cloudflare Blog
Daniele Molteni
2026-03-04 14:00
Cloudflare introduces new tools for enhanced security, focusing on mandatory authentication and multi-factor authentication (MFA). These tools aim to bridge visibility gaps in network security from device boot to resource access. The Cloudflare One Client improves control over Internet access. Mandatory authentication ensures that only authenticated devices can connect, enhancing security and accountability. This feature will first be available on Windows, with plans for other platforms soon....
Source: Cloudflare Blog
Rhett Griggs
2026-03-04 06:00
Cloudflare is teaming up with Nametag to tackle the rising threat of laptop farms and identity fraud in remote work environments. 💻🔒 The partnership aims to enhance identity verification during employee onboarding and ensure continuous authentication, addressing vulnerabilities in the zero trust model. As attackers leverage AI and deepfake technology to infiltrate companies, traditional security measures are proving inadequate. Companies must adapt to protect sensitive information....
Source: Cloudflare Blog
Ann Ming Samborski
2026-03-04 06:00
🌐 Cloudflare introduces the Gateway Authorization Proxy, enhancing security for clientless devices like virtual desktops and guest networks. This solution shifts identity verification from devices to the network, allowing for granular policy enforcement on any internet-connected device. The new system uses Cloudflare Access-style logins, ensuring accurate user identification for better control and compliance. Discover how this upgrade can streamline your access management! 🔒📊 #Cloudflare...
Source: Cloudflare Blog
Alex Holland
2026-03-04 06:00
Cloudflare One introduces dynamic User Risk Scores to enhance security measures. This update allows organizations to evaluate user behavior continuously, moving beyond simple "allow/deny" access rules. 🔒 Now, security teams can assess how users behave, enabling real-time access adjustments based on risk scores derived from various behaviors like failed logins and data handling. 📊 Integrations with partners like CrowdStrike enhance this capability by providing external telemetry. This approach...
Source: Cloudflare Blog
Ann Ming Samborski
2026-03-03 14:00
🚀 Cloudflare has upgraded its Threat Intelligence Platform to help cybersecurity teams tackle the "data gravity" problem. The new system eliminates complex ETL pipelines, utilizing a sharded architecture for quicker data processing. This allows security teams to visualize and automate threat responses in real time. With a focus on actionable insights, the platform correlates threats, actors, and indicators, creating a unified command center for effective monitoring and prevention. #Cloudflare...
Source: Cloudflare Blog
Jacob Crisp
2026-03-03 14:00
🚨 The 2026 Cloudflare Threat Report highlights a shift in cyber threats. With a record 31.4 Tbps DDoS attack and advanced session token theft, attackers are now using high-trust exploitation methods. 🔍 Key trends include: - AI automating attacks - State-sponsored threats targeting infrastructure - Weaponization of trusted cloud tools This report aims to provide organizations with essential insights to navigate this evolving landscape. #CyberSecurity #ThreatReport #Cloudflare #DataProtection...
Source: Cloudflare Blog
Cloudforce One
2026-03-03 06:00
Email security is in a constant battle against evolving threats. Traditional methods often react to past attacks, leaving unseen gaps in protection. The article discusses how Large Language Models (LLMs) can shift this approach to proactive detection. By analyzing unstructured data, LLMs help identify threats before they escalate, providing insights into the threat landscape. Cloudflare's integration of LLMs enhances email security, allowing for real-time categorization and improved threat...
Source: Cloudflare Blog
Ayush Kumar
2026-03-03 06:00
🌥️ Cloudy is an innovative LLM-powered explanation layer integrated into Cloudflare One. It provides clear, human-readable guidance for security decisions. 🔍 As the security landscape grows complex, Cloudy helps users understand the reasoning behind flagged detections in real-time. This enhances decision-making for both security teams and end users. 📈 By translating intricate machine learning outputs, Cloudy reduces noise and improves efficiency in security operations. #CloudSecurity...
Source: Cloudflare Blog
Alex Dunbrack
2026-03-03 06:00
🚀 Cloudflare introduces CASB Remediation! Now, security teams can not only identify risky file sharing in Microsoft 365 and Google Workspace but also fix it directly from the Cloudflare One dashboard. This new feature streamlines the process, allowing users to take action with just a click. With continuous scanning and a consolidated view of risks, Cloudflare CASB enhances protection across various SaaS applications. #Cloudflare #CASB #Cybersecurity #CloudSecurity #SaaS
Source: Cloudflare Blog
Michael Leslie
2026-03-02 06:00
🚀 Project Helix is here to simplify the onboarding for Cloudflare One! This new tool utilizes automation and Terraform templates, allowing customers to quickly deploy best-practice configurations in just minutes. Cloudflare aims to reduce complexity in cybersecurity, making their SASE platform easier to use while ensuring customers access powerful security features without hassle. Learn how Project Helix accelerates your Zero Trust journey! 🔐✨ #Cloudflare #ZeroTrust #Cybersecurity...
Source: Cloudflare Blog
Michael Koyfman
2026-03-02 06:00
🚀 In 2026, the corporate network landscape is evolving with agile SASE at the forefront. Cloudflare One secures humans, devices, and AI agents in a single connectivity cloud. The shift to remote work has prompted a rethink of security, moving away from fragmented legacy systems. Organizations face the 'fragmentation penalty' of managing outdated hardware and VPNs, which hinders growth. Cloudflare One offers a unified platform that converges networking and security, eliminating bottlenecks and...
Source: Cloudflare Blog
Yumna Moazzam
2026-03-02 06:00
Discover the power of Cloudflare's SASE platform, designed for real-time security customization. With a native developer stack, organizations can build tailored security logic directly at the edge, enhancing flexibility. This platform allows for immediate responses to security events by integrating external data. Cloudflare's global network ensures seamless operation across services, optimizing both security and application deployment. #Cloudflare #SASE #CyberSecurity #Programmability...
Source: Cloudflare Blog
Abe Carryl
2026-02-27 07:00
Minor misconfigurations and request anomalies can seem harmless, but when they accumulate, they may lead to security incidents known as "toxic combinations." 🛡️🔍 These combinations occur when attackers exploit multiple small issues, like debug flags or unauthenticated paths, to breach systems. Cloudflare’s data helps identify these signals early. The article outlines how to recognize these threats and emphasizes the importance of analyzing patterns rather than focusing solely on individual...
Source: Cloudflare Blog
Himanshu Anand
2026-02-27 06:00
🚀 ASPA is the new cryptographic standard aimed at enhancing the security of Internet routing by verifying the entire path network traffic takes. By building on existing systems like RPKI, ASPA helps prevent route leaks, ensuring data travels through authorized networks only. Cloudflare Radar now offers tools to track ASPA's adoption across different regions. Stay informed on this important development in Internet security! 🔒🌐 #InternetSecurity #BGP #ASPA #Cloudflare #Routing
Source: Cloudflare Blog
Bryton Herdes
2026-02-27 06:00
🌐 Cloudflare Radar is enhancing transparency in post-quantum usage, encrypted messaging, and routing security. New tools include monitoring PQ adoption and Key Transparency logs for services like WhatsApp. Users can now verify the integrity of public key distribution in real-time. Additionally, routing security insights have expanded to include ASPA records, aiding in the detection of BGP route leaks. #Cybersecurity #PostQuantum #EncryptedMessaging #Cloudflare #RoutingSecurity
Source: Cloudflare Blog
Mari Galicer
2026-02-27 06:00
Cloudflare's Turnstile widget and Challenge Pages are seen 7.67 billion times daily, making them possibly the most-visible UI online. 🔍 To enhance user experience, Cloudflare undertook a redesign focusing on accessibility and usability for diverse audiences. This process involved extensive research and engineering efforts to accommodate increasing security demands without compromising user satisfaction. Learn more about their approach and the impact on users. 🌐 #UserExperience #WebDesign...
Source: Cloudflare Blog
Marina Elmore
2026-02-27 06:00
The Web Streams API has been a key part of JavaScript, but it was created with outdated design principles. A recent article discusses its limitations and suggests a new streaming API that aligns better with modern JavaScript practices. This alternative could be significantly faster, outperforming Web streams by up to 120 times in some tests. The article highlights the need for a conversation around improving streaming APIs to enhance usability and performance for developers today. 🔗💻🚀...
Source: Cloudflare Blog
James M Snell
2026-02-24 20:00
🚀 Last week, an engineer used AI to recreate Next.js on Vite, resulting in vinext. This new framework is a drop-in replacement for Next.js, enabling builds up to 4x faster and producing 57% smaller bundles. It simplifies deployment to Cloudflare Workers with a single command. Vinext addresses Next.js's deployment challenges and offers a fresh implementation of its API directly on Vite. #Vinext #NextJS #WebDevelopment #AI #Cloudflare
Source: Cloudflare Blog
Steve Faulkner
2026-02-23 06:00
🌐 Cloudflare has launched Cloudflare One, the first SASE platform featuring post-quantum encryption. This upgrade implements hybrid ML-KEM for secure web gateways and Zero Trust solutions. 🔒 The initiative addresses the urgent need for post-quantum cryptography as the deadline for transitioning from traditional encryption methods approaches. 🚀 The Cloudflare IPsec product now supports this modern encryption standard, enhancing secure connections across networks. For more info, reach out to...
Source: Cloudflare Blog
David Gauch
2026-02-21 00:00
On February 20, 2026, Cloudflare faced a service outage affecting customers using the Bring Your Own IP (BYOIP) service. This was due to a change in IP address management, which unintentionally withdrew routes via BGP. 🌐 The outage lasted over 6 hours, impacting approximately 1,100 BYOIP prefixes. Customers experienced connection failures, but many were able to restore service through the Cloudflare dashboard. 📊 Cloudflare has acknowledged the issue and is outlining steps to prevent future...
Source: Cloudflare Blog
Dzevad Trumic
2026-02-20 14:00
Introducing Code Mode for the Cloudflare API! 🌐 This new system consolidates over 2,500 API endpoints into just two tools: search() and execute(), using only about 1,000 tokens. This method significantly reduces token usage by 99.9%. Code Mode allows AI agents to efficiently interact with the API while maintaining a compact context. It’s now available for use, along with an open-sourced Code Mode SDK. #Cloudflare #APITechnology #CodeMode #AI #Innovation
Source: Cloudflare Blog
Matt Carey
2026-02-13 06:00
🌐 Cloudflare has introduced ecdysis, a Rust library designed for zero-downtime upgrades of network services. After five years of production use, it is now open source. Ecdysis allows for graceful restarts, ensuring no connections are dropped during updates. This is crucial for services that manage millions of requests globally. The library addresses the challenges of traditional restart methods, which can lead to dropped connections and degraded performance. With ecdysis, service continuity...
Source: Cloudflare Blog
Manuel Olguín Muñoz
2026-02-12 14:03
🚀 The online content landscape is evolving. As AI agents take center stage, businesses must adapt by treating these agents as key players in content discovery. Markdown for Agents enables real-time conversion of HTML to markdown, which is more efficient for AI processing. This reduces token usage significantly, improving performance and lowering costs. Cloudflare now supports this automatic conversion, allowing AI systems to request markdown directly, streamlining how content is served....
Source: Cloudflare Blog
Will Allen
2026-02-05 14:00
🚨 The 2025 Q4 DDoS Threat Report reveals a staggering rise in DDoS attacks, more than doubling to 47.1 million for the year. In Q4 alone, the Aisuru-Kimwolf botnet executed hyper-volumetric assaults, with one attack peaking at 31.4 Tbps. 🌐 Network-layer attacks tripled, and Hong Kong and the UK saw significant increases in targeted incidents. Telcos were the most affected industry. #DDoS #CyberSecurity #Cloudflare #ThreatReport #TechNews
Source: Cloudflare Blog
Cloudforce One
2026-02-03 14:00
🚀 Exciting news! Cloudflare has launched Local Uploads for R2 in open beta. This feature significantly reduces upload request duration by up to 75%. It works by writing object data to a nearby location first, then asynchronously copying it to the main bucket. Data remains immediately accessible and strongly consistent, improving performance for global applications. 🌍 Try Local Uploads today in the Cloudflare Dashboard or with a simple command! #Cloudflare #R2 #LocalUploads #TechUpdate...
Source: Cloudflare Blog
Anni Wang
2026-01-30 17:01
The UK’s Competition and Markets Authority (CMA) is reviewing new rules for Google to enhance transparency and choice for publishers. 📜 These proposed measures aim to protect content creators from unfair practices as Google’s dual-purpose crawler fuels its generative AI services. The CMA’s designation of Google as having Strategic Market Status allows for enforceable rules in the search ecosystem. 🔍 Publishers need clear options to control how their content is used, especially regarding AI...
Source: Cloudflare Blog
Sebastian Hufnagel
2026-01-30 14:00
🚀 Today, Cloudflare introduces a new Worker template for Vertical Microfrontends (VMFE). This template allows multiple independent Workers to operate under one domain, creating a seamless single-page application experience. Teams can now manage marketing, documentation, and dashboards separately while ensuring cohesive user interaction. Vertical microfrontends shift the focus from horizontal architecture, granting teams full ownership of their designated URL paths. This approach addresses...
Source: Cloudflare Blog
Brayden Wilmoth
2026-01-29 14:00
Introducing Moltworker! 🚀 This new middleware allows users to self-host Moltbot, an open-source AI personal assistant, on Cloudflare's Sandbox SDK without needing extra hardware. Moltbot can manage tasks like finances and social media directly through messaging apps. With improved Node.js compatibility in Cloudflare Workers, building tools has become easier and more efficient. Explore the potential of AI with Moltworker! 🤖✨ #Moltworker #AI #Cloudflare #TechInnovation #SelfHosted
Source: Cloudflare Blog
Andreas Jansson
2026-01-27 14:00
🚀 Exciting news in decentralized communication! A complete Matrix homeserver has been successfully ported to Cloudflare Workers. This innovation delivers encrypted messaging at the edge, featuring automatic post-quantum cryptography. Traditionally, running a Matrix homeserver involved complex system administration and high operational costs. Now, this serverless architecture eliminates those burdens, making deployment easier and more efficient. For developers, this means lower costs, low...
Source: Cloudflare Blog
Nick Kuntz
2026-01-26 14:00
In Q4 2025, Internet connectivity faced over 180 disruptions due to various factors. 🌍 Notable incidents included multiple cable cuts affecting several countries and disruptions caused by extreme weather and power outages. The ongoing conflict in Ukraine also impacted connectivity. In Tanzania, a government-directed Internet shutdown occurred during presidential elections, lasting over 26 hours. For detailed data, visit the Cloudflare Radar Outage Center. 📊 #InternetDisruptions #Q42025...
Source: Cloudflare Blog
David Belson
2026-01-23 14:00
🚨 On January 22, 2026, a configuration error led to an unintended leak of Border Gateway Protocol (BGP) prefixes from our Miami data center. This incident affected Cloudflare customers and other external parties, causing traffic congestion and increased latency for about 25 minutes. We apologize for any disruptions this caused. We are taking steps to ensure this does not happen again. For more on route leaks, you can check our Cloudflare Radar. #BGP #Cloudflare #NetworkSecurity #IncidentReport
Source: Cloudflare Blog
Tom Strickx
2026-01-19 14:00
📢 A recent vulnerability in Cloudflare's ACME validation logic has been identified and addressed. On October 13, 2025, researchers from FearsOff reported an issue that affected some WAF features on specific ACME paths. The flaw allowed certain requests to bypass security, but Cloudflare has since patched it. No action is required from customers, and there are no known instances of exploitation. 🔒 Your security remains a priority. #Cloudflare #CyberSecurity #Vulnerability #ACME #WAF
Source: Cloudflare Blog
Leland Garofalo
2026-01-16 14:00
🚀 Exciting news! The Astro Technology Company is now part of Cloudflare. Together, they aim to enhance the Astro web framework for content-driven websites. Astro has gained popularity among various developers, from brands like Porsche to AI companies like OpenAI. It powers platforms like Webflow and Wix, and Cloudflare uses it for its own sites as well. Astro 6 is approaching, featuring a new development server powered by Vite. The public beta is already available! Astro remains open-source...
Source: Cloudflare Blog
Brendan Irvine-Broque