ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.
Category: CloudFlare
Breaking News, CloudFlare, Exploits, Global Security News, hacking, hacking news, Security
ACME flaw in Cloudflare allowed attackers to reach origin servers
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path.…
Botnet, CloudFlare, cyber attacks, Global Security News, Security
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks.
A Little Sunshine, CloudFlare, Global Security News, Latest Warnings, The Coming Storm
The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that…
CloudFlare, Cybersecurity, Global Security News, Internet, Security
Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit
Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored.
CloudFlare, cyber attack, cyber attacks, Cybersecurity, Global Security News, Security
Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet
Qrator Labs blocked a record L7 DDoS attack from a 5.76M-device botnet targeting government systems, showing rapid global growth since March.
CloudFlare, cyber attack, cyber attacks, Cybersecurity, Global Security News, Security
Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps
Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting…
CloudFlare, cyber attacks, Cybersecurity, data breach, Global Security News, Security
Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems…
Breaking News, CloudFlare, cyber crime, Global Security News, hacking, Security
Cloudflare blocked a record 11.5 Tbps DDoS attack
Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare…
AI, CloudFlare, Cybersecurity, Global Security News, Technology, web scraping
Cloudflare rolls out ‘pay-per-crawl’ feature to constrain AI’s limitless hunger for data
Cloudflare announced Tuesday it will allow customers to block or charge fees for web crawlers deployed to scrape their websites and data on behalf of AI systems. In a blog on its corporate website, Will Allen, Cloudflare’s vice president of product, and Simon Newton, an engineer manager, said the company is establishing a new system…
A Little Sunshine, Breadcrumbs, CloudFlare, DDoS, fbi, Forky, Global Security News, Internet of Things (IoT), Jigsaw, Kaike Southier Leite, Mirai, Ne'er-Do-Well News, Project Shield, QiAnXin XLab, stresser, The Coming Storm, U.S. Department of Justice, yfork
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching…
CloudFlare, Global Security News, IBM, NIST, Post-Quantum Cryptography, quantum computing, RSAC 2025 Conference, Technology
Quantum computer threat spurring quiet overhaul of internet security
SAN FRANCISCO — Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable. Speaking at Cloudflare’s Trust Forward Summit on Wednesday, encryption leaders at IBM Research, Amazon Web Services and Cloudflare…
CloudFlare, Cybersecurity, Global Security News, Post-Quantum Cryptography, quantum computing, Technology
Cloudflare rolls out post-quantum encryption for enterprise users
Internet security company Cloudflare, the world’s largest DDoS-mitigation service, plans to shift a sizable chunk of its traffic through post-quantum encrypted services over the next year. Approximately 35% of human-directed web traffic to Cloudflare’s network is currently protected through advanced encryption algorithms. These algorithms are theoretically designed to withstand attacks from significantly more powerful quantum…
CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
CloudFlare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
A Little Sunshine, CloudFlare, Global Security News, Google, How to Break Into Security, Mastercard, Philippe Caturegli, Seralys
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent…
CloudFlare, Cybersecurity, Global Security News, group-1b, Microsoft, Microsoft 365, Microsoft Office, microsoft outlook, phishing, phishing-as-a-service, Security, Sekoia, sneaky 2fa, sneaky log, Social Engineering, Telegram, trac labs, two factor authentication
‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security
The phishing-as-a-service kit from Sneaky Log creates fake authentication pages to farm account information, including two-factor security codes.
A Little Sunshine, Breadcrumbs, CloudFlare, Global Security News, Russia's War on Ukraine, Web Fraud 2.0
How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses,…
CloudFlare, Emerging Tech, Global Security News, Have I Been Pwned
Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching
I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered…
CloudFlare, cyber crime, Cybersecurity, DDoS, Exploits, Global Security News, Network Attacks
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17.2 million requests per second, the company wrote in a blog post. For scale, the entirety of the Cloudflare network typically sees around 25 million requests per second…