All news with #cloudflare tag

🔐 Cloudflare is collaborating with Chrome to experimentally deploy Merkle Tree Certificates (MTCs) to reduce the number of public keys and large post-quantum signatures transmitted during TLS handshakes. MTCs batch certificates into a Merkle tree with a single signed treehead and per-certificate inclusion proofs, dramatically shrinking handshake size and CPU work. The experiment will roll out to a subset of Cloudflare free customers while Chrome distributes validation landmarks and fallbacks to preserve existing trust.

🔍 Cloudflare announces an Open Beta for Workers tracing that provides automatic, out-of-the-box instrumentation with no code changes. Traces are visible in the Workers Observability dashboard alongside logs, and spans include timing, attributes, and error context. You can export OTLP-formatted traces and correlated logs to third-party providers like Honeycomb or Grafana. Enable tracing via wrangler.jsonc or the Cloudflare dashboard and join the beta to provide feedback.

📊 Cloudflare explains why measuring the Internet is uniquely difficult and how rigorous methodology, ethics, and clear representation make findings reliable. An internal February 2022 Lviv traffic spike illustrates how context and complementary data can prevent misclassification of benign events as attacks. The post contrasts active and passive techniques and direct versus indirect measurement, outlines a lifecycle of curation, modeling, and validation, and stresses low-impact, ethical approaches. It concludes by inviting collaboration and continued exploration of passive measurement methods.

⚡ Cloudflare’s Speed Test measures the quality users actually experience rather than peak bandwidth. It sends predefined data blocks via the Network Quality API from the user’s browser to Cloudflare Workers routed by anycast, recording idle and loaded latency, jitter, packet loss, and throughput across sizes. Results appear live and culminate in an AIM score summarizing suitability for streaming, gaming, or conferencing.

📊 Cloudflare Radar now offers a dedicated Top-Level Domain (TLD) landing page and per-TLD reports that aggregate popularity, activity, and security signals. The new pages rank TLDs using a DNS Magnitude score based on unique client networks querying 1.1.1.1, and provide DNS, RDAP/WHOIS, Certificate Transparency, and registration information where available. Interactive charts, maps, and API access help TLD managers and site owners monitor visibility, abuse trends, and certificate issuance.

📡 Since its 2020 debut, Cloudflare Radar has evolved into a comprehensive observability platform that aggregates Cloudflare telemetry to illuminate security, performance, and usage trends. Initially centered on Radar Internet Insights, Domain Insights, and IP Insights, the service has grown to include Certificate Transparency metrics, TCP reset/timeouts visibility, post-quantum adoption tracking, and AI-focused crawler analytics. Radar also added routing tools such as route leak and origin hijack detection, real-time BGP views, AS-SET monitoring, and notifications, while improving programmatic access via the Radar API and an MCP server for LLM integration. Popular utilities like the URL Scanner, expanded search and date-range options, and internationalized interfaces reinforce Radar's mission to make the Internet more observable and resilient.

🔍 During a 2022 internship at Cloudflare, Ram Sundara Raman examined whether connection tampering by network middleboxes can be detected using only passive production data. He sampled one in 10,000 TCP connections and logged the first ten inbound packets, then developed 19 tampering signatures while confronting scale, noisy telemetry, and limited ground truth. The work exposed practical limits of passive observation and the care required to interpret packet-level signals, and its outputs are published on Cloudflare Radar.

📡 This week Cloudflare Research publishes a series of posts revealing methods and findings that advance a more measurable, resilient, and transparent Internet. The series explores Internet measurement fundamentals, resilience frameworks, post-quantum deployment, and networking innovations, with deep dives into products such as Cloudflare Radar and experiments like Merkle Tree Certificates. Expect practical analysis, IETF-aligned protocol discussion, and real-world deployment considerations.

📱 Unit 42 attributes a sprawling smishing campaign to the China-linked Smishing Triad, tying it to 194,345 FQDNs and more than 194,000 malicious domains registered since January 1, 2024. Most root domains are registered through Dominet (HK) Limited yet resolve to U.S.-hosted infrastructure, primarily on Cloudflare (AS13335). Campaigns impersonate USPS, toll services, banks, exchanges and delivery services, using rapid domain churn to evade detection. The operation has reportedly generated over $1 billion in three years and increasingly targets brokerage and banking accounts to enable market manipulation.

🛡️ In early September 2025 attackers published malicious releases to 18 widely used npm packages, enabling crypto‑stealing and token exfiltration. Cloudflare's Page Shield static analysis and ML pipeline — including an MPGCN on JavaScript ASTs — inspects 3.5 billion scripts per day and would have detected these compromised packages. Inference completes in under 0.3s and ensemble review reduces false positives, protecting customers from similar supply‑chain threats.

🔒 Cloudflare, in partnership with Visa and Mastercard, explains how Web Bot Auth together with payment-specific protocols can secure agent-driven commerce. The post describes agent registration, public key publication, and HTTP Message Signatures that include timestamps, nonces, and tags to prevent spoofing and replay attacks. Merchants can validate trusted agents during browsing and payment flows without changing infrastructure. Cloudflare also provides an Agent SDK and managed WAF rules to simplify developer adoption and deployment.

🔍 Cloudflare investigated a production soft lockup traced to the Linux BPF LPM trie, a core data structure for IP and IP+Port longest-prefix matching. Benchmarks on 96-core AMD EPYC hardware showed lookups remain relatively fast at modest sizes, but updates, deletes and especially freeing maps degrade severely at scale, causing multi-second CPU stalls and customer packet loss. The post refreshes trie basics, presents measured results (lookups, updates, deletes, free costs), and diagnoses kernel implementation limits — notably binary child pointers, absent level compression, and allocator-induced cache and dTLB pressure — then outlines plans to upstream benchmarks and refactor toward a level-compressed multibit trie to reduce traversal height, cache/TLB misses, and freeing overhead.

🔍 Cloudflare introduces Monitor Groups for Load Balancing to assess application health across multiple dependent services rather than relying on a single probe. You can bundle up to five monitors, mark some as must_be_healthy (critical) or as monitoring_only (observational), and apply a quorum rule so transient failures don’t trigger global failover. Health checks run from dozens to hundreds of global data centers, creating a geographically distributed consensus. Available via API for Enterprise customers now, Dashboard access for all users is coming soon.

🔒 Cloudflare presents an early design for Web Application Integrity, Consistency, and Transparency (WAICT) to address the risks of mutable JavaScript in sensitive web apps. The proposal pairs expanded Subresource Integrity (SRI) and a signed integrity manifest with append-only transparency logs and third-party witnesses to provide verifiable inclusion and consistency proofs. Browser preload lists, proof-of-enrollment, and client-side cooldowns are used to avoid extra round trips and to limit stealthy changes. Cloudflare plans to participate as a service provider and to collaborate on standardization.

🔒 LastPass has confirmed it was not breached after detecting a targeted phishing campaign that mimicked its branding. The emails used the subject line "We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security" and came from spoofed senders such as hello@lastpasspulse.blog and hello@lastpassgazette.blog. Links in the messages redirected recipients to phishing sites (lastpassdesktop.com and lastpassgazette.blog), and attackers have also registered lastpassdesktop.app for potential follow-ups. Cloudflare is displaying warnings and LastPass said it is working to have the malicious domains taken down.

🔍 Cloudflare investigated an independent October benchmark comparing server-side JavaScript performance between Cloudflare Workers and Vercel, which initially showed Workers up to 3.5x slower. The company found multiple causes — scheduling heuristics, outdated V8 garbage-collector tuning, and framework-level inefficiencies in OpenNext/Next.js — and implemented fixes. Most changes are live and yield parity with Vercel across nearly all tested cases, with further work planned to close the remaining Next.js gap.

🔒 Cloudflare today introduces REACT, a new incident response and advisory service from Cloudforce One designed to bridge the gap between edge defenses and in‑network remediation. REACT combines proactive advisory work—threat hunting, tabletop exercises, and readiness assessments—with emergency incident response and retainer options for guaranteed availability. As a network‑native, vendor‑agnostic service, REACT can deploy mitigations at the Cloudflare edge and coordinate investigations across on‑premise, cloud, and hybrid environments.

🧩 Deploy Payload to Cloudflare Workers in one click with a template that provisions D1 and R2 bindings. The Payload team ported the project to OpenNext and implemented custom adapters: a Drizzle-based adapter that maps D1 results for SQLite compatibility and an R2 storage adapter that uses bindings to avoid token management. They used Wrangler remote bindings for migrations and applied Hyperdrive and D1 read replicas to cut latency and improve global read performance.

🌐 Cloudflare observed a nationwide Internet shutdown in Afghanistan on 29 September 2025 that began with a brief fixed-line interruption around 11:30 UTC and escalated to a full fiber-optic cut shortly after 12:30 UTC. HTTP requests, DNS queries (1.1.1.1) and total bytes dropped to zero at a national level, while mobile providers showed brief, partial connectivity. The outage removed the majority of announced IPv4 and IPv6 prefixes and threatens banking, customs, emergency communications, television and radio services.

🚀 Cloudflare’s Birthday Week 2025 summarized a broad set of product, policy, and community initiatives designed to strengthen the open Internet and prepare for AI-era and quantum threats. Highlights included a goal to hire 1,111 interns in 2026, new startup hubs, and expanded free developer access for students and non‑profits, plus sponsorships of open-source projects like Ladybird and Omarchy. Technical announcements ranged from post‑quantum upgrades and a Rust-based core proxy to R2 SQL, the Cloudflare Data Platform, Workers performance and security hardening, and new AI safety and bot-management tools.