< ciso
brief />
Tag Banner

All news with #cloudflare tag

318 articles · page 10 of 16

Cloudflare Q3 2025 DDoS Threat Report: Aisuru Peaks

📈 The 23rd edition of Cloudflare’s Quarterly DDoS Threat Report reviews Q3 2025 data and spotlights the unprecedented Aisuru botnet, estimated at 1–4 million infected hosts. Aisuru launched routine hyper-volumetric attacks exceeding 1 Tbps and 1 Bpps, peaking at 29.7 Tbps and 14.1 Bpps, while Cloudflare mitigated 8.3 million DDoS events in the quarter. Network-layer attacks dominated the mix, and the report warns that short, high-volume strikes often outpace manual defenses, underscoring the need for global, automated mitigation.
read more →

Cloudflare WAF Blocks Critical React Server Components RCE

🛡️ Cloudflare has deployed new WAF protections to mitigate a high‑severity RCE in React Server Components (CVE-2025-55182). All customers whose React traffic is proxied through the Cloudflare WAF are automatically protected — the rules are included in both the Free Managed Ruleset and the standard Managed Ruleset and default to Block. Rule IDs: Managed Ruleset 33aa8a8a948b48b28d40450c5fb92fba and Free Ruleset 2b5d06e34a814a889bee9a0699702280; Cloudflare Workers are immune. Customers on paid plans should verify Managed Rules are enabled and update to React 19.2.1 and the recommended Next.js releases (16.0.7, 15.5.7, 15.4.8).
read more →

Replicate Joins Cloudflare to Build AI Infrastructure

🚀 Replicate is now part of Cloudflare, bringing its model packaging and serving tools into Cloudflare’s global network. Since 2019 Replicate has shipped Cog and a hosted inference platform that made running research models accessible and scaled during the Stable Diffusion surge. Joining Cloudflare pairs those abstractions with network primitives like Workers, R2, and Durable Objects to enable edge model execution, instant serverless pipelines, and streaming integrations such as WebRTC while supporting developers and researchers.
read more →

Cloudflare Hosts Black Forest Lab FLUX.2 on Workers AI

🖼️ Cloudflare now hosts Black Forest Lab's FLUX.2 image model on the Workers AI inference platform. The licensed dev release builds on the popular FLUX.1 lineage with stronger physical-world grounding, improved fidelity for faces, hands and small objects, and advanced multi-reference editing to preserve character and product consistency. Workers AI exposes FLUX.2 via multipart form-data (up to four 512×512 inputs) and returns images up to 4 megapixels, while supporting JSON prompting, hex color controls, multilingual prompts, and a server-side binding for integration into production pipelines.
read more →

WAF Payload Logging Improvements for Cloudflare Customers

🔍 Cloudflare describes enhancements to its Web Application Firewall (WAF) payload logging, which now records specific request fields and post-transformation values that triggered a rule. The feature disambiguates which branch of a rule evaluated true, logs partial matches with contextual slices, and reduces the amount of data written for large fields. Cloudflare also optimized regex compilation and memory usage, shrank median log sizes, and plans further work on binary formats and expanded WAF coverage.
read more →

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.
read more →

Cloudflare Outage Caused by Database Permission Change

⚠️ Cloudflare suffered its worst outage in six years after a database permissions change caused its Bot Management system to generate an oversized configuration feature file containing duplicate entries. The file exceeded a hardcoded 200-feature limit, triggering a Rust panic that crashed core proxy software and produced widespread 5xx errors. Engineers restored service by replacing the problematic file, and full recovery was achieved several hours later.
read more →

Cloudflare outage disrupts global network services

⚠️ Cloudflare is investigating an outage that has produced widespread 500 internal server errors and impacted its Dashboard and API, disrupting access to numerous customer websites and platforms. The company first reported support portal availability issues and then an incident at 11:48 UTC affecting the Cloudflare Global Network, with multiple European nodes observed offline. Downdetector logged tens of thousands of reports, and Cloudflare says it is working to mitigate the incident; partial recovery has been reported for Access and WARP while remediation continues for application services.
read more →

Cloudflare outage (18 Nov 2025): feature file duplication

⚠️ On 18 November 2025, Cloudflare experienced a major outage after a permissions change in a ClickHouse database caused duplicated metadata to be emitted into a Bot Management feature file, doubling its size. The oversized file exceeded a preallocated feature limit in the core proxy, triggering a Rust panic and widespread HTTP 5xx errors. Cloudflare halted propagation, restored a known-good file, and restarted the proxy; services were largely restored by 14:30 UTC and fully recovered by 17:06 UTC. The company apologized and pledged architectural and process hardening to prevent recurrence.
read more →

Replicate Joins Cloudflare to Expand AI Developer Platform

🧭 Cloudflare is bringing Replicate into its developer platform to integrate Replicate’s large model catalog and community with Cloudflare’s global, serverless inference stack. Existing Replicate APIs and workflows will continue to operate without interruption while benefitting from Cloudflare’s performance and reliability. Workers AI users will get immediate access to a greatly expanded catalog plus upcoming support for fine-tuning and custom models, enabled by Cog and unified control through Cloudflare’s AI Gateway.
read more →

Architecture of Remote Bindings for Local Worker Development

🚀 Cloudflare has made remote bindings generally available, letting local Workers connect to live resources such as R2 buckets, D1 and KV namespaces without deploying. Developers can enable a binding with "remote: true" in Wrangler v4.37.0 and use existing Wrangler OAuth credentials to access production data. The local workerd runtime proxies JS API calls to remote service bindings (including JSRPC via Cap’n Web websockets), and tooling like the Vite plugin and vitest-pool-workers can use utilities such as startRemoteProxySession to join remote sessions.
read more →

Cloudflare Introduces Python Workflows in Beta Release

🐍 Cloudflare has announced Python Workflows in beta, enabling developers to orchestrate multi-step, durable applications on Workers using Python. The feature aims for feature parity with the existing JavaScript SDK while adapting APIs to Pythonic idioms—using decorators for step callbacks and snake_case naming for method calls. Under the hood it leverages Pyodide and CPython in the runtime, exposes WorkflowStep as an RPC-backed JsProxy for at-most-once durable execution, and supports DAG-style concurrency via asyncio.gather. Targeted use cases include data pipelines, ML/LLM training loops, and autonomous agents where step-level retries, state persistence, and explicit wait points simplify orchestration.
read more →

Cloudflare Launches Self-Serve BYOIP API with RPKI

🔐 Cloudflare unveiled a self‑serve BYOIP API enabling customers to onboard and manage their own IP prefixes via automated workflows. The new flow replaces manual LOA reviews with a two-step validation that uses RPKI ROAs plus either IRR route-object modification or a reverse DNS validation token. Cloudflare will auto-generate LOA-style documentation for operators that still require it and enforces a default service binding to prevent accidental prefix blackholing. The initial rollout supports prefixes originated from AS13335 and is designed to shorten deployment timelines while strengthening routing security.
read more →

Cloudflare Open-Sources tokio-quiche: Async QUIC for Tokio

🚀 Cloudflare has open-sourced tokio-quiche, an async QUIC library that combines its quiche transport implementation with the Tokio async runtime. The project provides a battle-tested integration for async UDP I/O and HTTP/3, delivering low-latency, high-throughput handling of millions of requests per second without requiring developers to wire a sans-io stack. tokio-quiche includes an HTTP/3-focused driver, examples, and abstractions such as ApplicationOverQuic so teams can build clients and servers more quickly. It already powers Cloudflare Proxy B in Apple iCloud Private Relay, Oxy-based proxies, and Warp’s MASQUE client, and aims to accelerate broader adoption of HTTP/3 and QUIC.
read more →

Cloudflare Stream Adds Audio Extraction for Video Files

🎧 Cloudflare Stream now lets developers extract audio-only M4A tracks from videos with a single API call or dashboard action. Use Media Transformations (mode=audio) for on-the-fly clipping or create persistent audio downloads for VOD-managed content. This reduces bandwidth, cost, and complexity for transcription, translation, moderation, and other audio-first AI workflows.
read more →

Amazon CloudFront Adds Cross-Account VPC Origins Support

🔒 Amazon announced that CloudFront now supports cross-account VPC origins, enabling distributions to reach ALB, NLB, and EC2 origins inside private subnets across different AWS accounts. Customers can grant access via AWS RAM, including across Organizations and OUs, removing the need to place origins in public subnets. The capability is available in AWS Commercial Regions at no extra charge and is designed to simplify security and multi-account operations.
read more →

Cloudflare Removes Aisuru Botnet Domains from Rankings

🛡️ Cloudflare has begun redacting and hiding domains tied to the rapidly growing Aisuru botnet after those malicious hostnames repeatedly appeared atop its public domain rankings. The botnet — comprised of hundreds of thousands of compromised IoT devices — recently shifted from querying 8.8.8.8 to 1.1.1.1, flooding Cloudflare’s resolver and skewing popularity metrics. Cloudflare says attackers are likely both manipulating rankings and mounting attacks on its DNS service, and the company is refining its ranking algorithm while removing known malicious entries.
read more →

Cloudflare Workers VPC Services Enter Open Beta Today

🌐 Cloudflare announced the open beta of Workers VPC Services, enabling Workers to securely reach APIs, containers, VMs, serverless functions and databases inside regional private networks via Cloudflare Tunnels. Developers register services by hostname or IP and bind them to Workers, with access verified at deploy time to restrict Workers to only the declared service. The model reduces cloud lock‑in, mitigates SSRF risk, and is available free during the beta.
read more →

Cloudflare Introduces Isolated Testing for Workflows

🧪 Cloudflare has added local, isolated testing APIs for Workflows, enabling developers to introspect and mock workflow instances using the new cloudflare:test module. Available with @cloudflare/vitest-pool-workers v0.9.0+, the APIs (introspectWorkflowInstance and introspectWorkflow) let tests run offline inside the Workers runtime, mock step results and events, and preserve isolated storage for reliable, deterministic tests. This improves debug visibility, reduces flaky tests, and lets teams assert on intermediate steps without hitting external systems.
read more →

Cloudflare analysis confirms Turkmenistan IP changes

🔍 Cloudflare researchers revisited historic telemetry to assess reports that Turkmenistan experienced an unprecedented easing of IP address blocking in mid‑2024 and may have been testing a new firewall. Using Radar metrics, they observed a clear surge in HTTP requests beginning in mid‑June, alongside shifts in TCP reset and timeout patterns. These connection anomalies manifested at different stages of the TCP lifecycle across multiple autonomous systems, and while the data cannot provide attribution, the observed patterns are consistent with large‑scale filtering or firewall testing.
read more →