Latest Cloudflare news

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion.
- Ax Sharma
- June 28, 2024
- 09:00 AM
- 1
Cloudflare: We never authorized polyfill.io to use our name

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack.
- Ax Sharma
- June 27, 2024
- 05:18 AM
- 1
New Latrodectus malware attacks use Microsoft, Cloudflare themes

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
- Lawrence Abrams
- April 30, 2024
- 06:08 PM
- 0
Cloudflare hacked using auth tokens stolen in Okta attack

Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system.
- Sergiu Gatlan
- February 01, 2024
- 03:53 PM
- 4
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website.
- Sergiu Gatlan
- November 09, 2023
- 04:25 PM
- 4
Cloudflare Dashboard and APIs down after data center power outage

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations.
- Sergiu Gatlan
- November 02, 2023
- 12:13 PM
- 0
Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks

The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
- Bill Toulas
- October 26, 2023
- 09:00 AM
- 0
Cloudflare DDoS protections ironically bypassed using Cloudflare

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
- Bill Toulas
- September 30, 2023
- 10:16 AM
- 5
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections

Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.
- Bill Toulas
- August 07, 2023
- 04:03 PM
- 0
DDoS attacks shifting to VPS infrastructure for increased power

Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS).
- Bill Toulas
- April 12, 2023
- 03:40 PM
- 0
Cloudflare blocks record-breaking 71 million RPS DDoS attack

This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date.
- Sergiu Gatlan
- February 13, 2023
- 02:50 PM
- 2
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
- Bill Toulas
- January 07, 2023
- 10:12 AM
- 0
Cloudflare's Zero Trust suite now available for free to at-risk groups

Cloudflare has made its 'Cloudflare One Zero Trust' security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project.
- Bill Toulas
- December 12, 2022
- 09:53 AM
- 0
Cloudflare raises monthly plan prices for the first time

Cloudflare announced today that they are raising prices for their Pro and Business plans for the first time since they launched in 2017.
- Lawrence Abrams
- November 30, 2022
- 12:52 PM
- 0
Cloudflare mitigated record DDoS attack against Minecraft server

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack.
- Bill Toulas
- October 13, 2022
- 09:01 AM
- 0
Twilio hackers hit over 130 orgs in massive Okta phishing attack

Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts.
- Bill Toulas
- August 25, 2022
- 10:53 AM
- 0
WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware

WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.
- Bill Toulas
- August 20, 2022
- 11:15 AM
- 1
Cloudflare employees also hit by hackers behind Twilio breach

Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week.
- Sergiu Gatlan
- August 09, 2022
- 01:28 PM
- 0
Massive Cloudflare outage caused by network configuration error

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience.
- Sergiu Gatlan
- June 21, 2022
- 09:19 AM
- 4
Cloudflare mitigates record-breaking HTTPS DDoS attack

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date.
- Sergiu Gatlan
- June 14, 2022
- 10:31 AM
- 6