< ciso
brief />
Tag Banner

All news with #cloudflare tag

318 articles · page 12 of 16

Smishing Triad Linked to 194,000 Malicious Domains

📱 Unit 42 attributes a sprawling smishing campaign to the China-linked Smishing Triad, tying it to 194,345 FQDNs and more than 194,000 malicious domains registered since January 1, 2024. Most root domains are registered through Dominet (HK) Limited yet resolve to U.S.-hosted infrastructure, primarily on Cloudflare (AS13335). Campaigns impersonate USPS, toll services, banks, exchanges and delivery services, using rapid domain churn to evade detection. The operation has reportedly generated over $1 billion in three years and increasingly targets brokerage and banking accounts to enable market manipulation.
read more →

Cloudflare Page Shield Thwarted npm Supply-Chain Attack

🛡️ In early September 2025 attackers published malicious releases to 18 widely used npm packages, enabling crypto‑stealing and token exfiltration. Cloudflare's Page Shield static analysis and ML pipeline — including an MPGCN on JavaScript ASTs — inspects 3.5 billion scripts per day and would have detected these compromised packages. Inference completes in under 0.3s and ensemble review reduces false positives, protecting customers from similar supply‑chain threats.
read more →

Securing Agentic Commerce with Web Bot Auth and Payments

🔒 Cloudflare, in partnership with Visa and Mastercard, explains how Web Bot Auth together with payment-specific protocols can secure agent-driven commerce. The post describes agent registration, public key publication, and HTTP Message Signatures that include timestamps, nonces, and tags to prevent spoofing and replay attacks. Merchants can validate trusted agents during browsing and payment flows without changing infrastructure. Cloudflare also provides an Agent SDK and managed WAF rules to simplify developer adoption and deployment.
read more →

Deep Dive: BPF LPM Trie Performance and Optimization

🔍 Cloudflare investigated a production soft lockup traced to the Linux BPF LPM trie, a core data structure for IP and IP+Port longest-prefix matching. Benchmarks on 96-core AMD EPYC hardware showed lookups remain relatively fast at modest sizes, but updates, deletes and especially freeing maps degrade severely at scale, causing multi-second CPU stalls and customer packet loss. The post refreshes trie basics, presents measured results (lookups, updates, deletes, free costs), and diagnoses kernel implementation limits — notably binary child pointers, absent level compression, and allocator-induced cache and dTLB pressure — then outlines plans to upstream benchmarks and refactor toward a level-compressed multibit trie to reduce traversal height, cache/TLB misses, and freeing overhead.
read more →

Monitor Groups for Load Balancing: Multi-Service Health

🔍 Cloudflare introduces Monitor Groups for Load Balancing to assess application health across multiple dependent services rather than relying on a single probe. You can bundle up to five monitors, mark some as must_be_healthy (critical) or as monitoring_only (observational), and apply a quorum rule so transient failures don’t trigger global failover. Health checks run from dozens to hundreds of global data centers, creating a geographically distributed consensus. Available via API for Enterprise customers now, Dashboard access for all users is coming soon.
read more →

Improving JavaScript Trustworthiness via WAICT for the Web

🔒 Cloudflare presents an early design for Web Application Integrity, Consistency, and Transparency (WAICT) to address the risks of mutable JavaScript in sensitive web apps. The proposal pairs expanded Subresource Integrity (SRI) and a signed integrity manifest with append-only transparency logs and third-party witnesses to provide verifiable inclusion and consistency proofs. Browser preload lists, proof-of-enrollment, and client-side cooldowns are used to avoid extra round trips and to limit stealthy changes. Cloudflare plans to participate as a service provider and to collaborate on standardization.
read more →

LastPass: Phishing campaign impersonates product, warns users

🔒 LastPass has confirmed it was not breached after detecting a targeted phishing campaign that mimicked its branding. The emails used the subject line "We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security" and came from spoofed senders such as hello@lastpasspulse.blog and hello@lastpassgazette.blog. Links in the messages redirected recipients to phishing sites (lastpassdesktop.com and lastpassgazette.blog), and attackers have also registered lastpassdesktop.app for potential follow-ups. Cloudflare is displaying warnings and LastPass said it is working to have the malicious domains taken down.
read more →

Cloudflare addresses Workers CPU benchmark disparities

🔍 Cloudflare investigated an independent October benchmark comparing server-side JavaScript performance between Cloudflare Workers and Vercel, which initially showed Workers up to 3.5x slower. The company found multiple causes — scheduling heuristics, outdated V8 garbage-collector tuning, and framework-level inefficiencies in OpenNext/Next.js — and implemented fixes. Most changes are live and yield parity with Vercel across nearly all tested cases, with further work planned to close the remaining Next.js gap.
read more →

Cloudflare Launches REACT: Unified Incident Response

🔒 Cloudflare today introduces REACT, a new incident response and advisory service from Cloudforce One designed to bridge the gap between edge defenses and in‑network remediation. REACT combines proactive advisory work—threat hunting, tabletop exercises, and readiness assessments—with emergency incident response and retainer options for guaranteed availability. As a network‑native, vendor‑agnostic service, REACT can deploy mitigations at the Cloudflare edge and coordinate investigations across on‑premise, cloud, and hybrid environments.
read more →

Payload CMS on Cloudflare Workers with D1 and R2 Support

🧩 Deploy Payload to Cloudflare Workers in one click with a template that provisions D1 and R2 bindings. The Payload team ported the project to OpenNext and implemented custom adapters: a Drizzle-based adapter that maps D1 results for SQLite compatibility and an R2 storage adapter that uses bindings to avoid token management. They used Wrangler remote bindings for migrations and applied Hyperdrive and D1 read replicas to cut latency and improve global read performance.
read more →

Nationwide Internet Shutdown in Afghanistan Extended

🌐 Cloudflare observed a nationwide Internet shutdown in Afghanistan on 29 September 2025 that began with a brief fixed-line interruption around 11:30 UTC and escalated to a full fiber-optic cut shortly after 12:30 UTC. HTTP requests, DNS queries (1.1.1.1) and total bytes dropped to zero at a national level, while mobile providers showed brief, partial connectivity. The outage removed the majority of announced IPv4 and IPv6 prefixes and threatens banking, customs, emergency communications, television and radio services.
read more →

Cloudflare Birthday Week 2025: Product and Policy Recap

🚀 Cloudflare’s Birthday Week 2025 summarized a broad set of product, policy, and community initiatives designed to strengthen the open Internet and prepare for AI-era and quantum threats. Highlights included a goal to hire 1,111 interns in 2026, new startup hubs, and expanded free developer access for students and non‑profits, plus sponsorships of open-source projects like Ladybird and Omarchy. Technical announcements ranged from post‑quantum upgrades and a Rust-based core proxy to R2 SQL, the Cloudflare Data Platform, Workers performance and security hardening, and new AI safety and bot-management tools.
read more →

Weekly Recap: Cisco 0-day, Record DDoS, New Malware

🛡️ Cisco firewalls were exploited in active zero-day attacks that delivered previously undocumented malware families including RayInitiator and LINE VIPER by chaining CVE-2025-20362 and CVE-2025-20333. Infrastructure and cloud environments faced major pressure this week: Cloudflare mitigated a record 22.2 Tbps DDoS while misconfigured Docker instances enabled ShadowV2 bot operations. Researchers also disclosed Supermicro BMC flaws that could allow malicious firmware implants, and ransomware actors increasingly abuse exposed AWS keys. Prioritize patching, firmware updates, and cloud identity hygiene now.
read more →

Cloudflare FL2: Rust Rewrite Cuts Latency and Boosts CDN

🚀 Cloudflare announced FL2, a complete reimplementation of its FL request-processing layer using Rust and the Oxy framework. FL2 adopts strict modular phases, eliminates cross-language overhead, and supports graceful restarts with systemd socket activation and the Rust-based shellflip coordinator. Internal and third-party tests show FL2 reduces median response times by ~10 ms and delivers a ~25% performance improvement; staged rollouts, automated testing, and fallbacks to FL1 enabled safe incremental migration.
read more →

Cloudflare launches Observatory and Smart Shield tools

🚀 Cloudflare today launched Observatory (open beta) and Smart Shield, integrated tools that combine real-user monitoring, synthetic testing, backend telemetry and prescriptive remediation to help teams measure and improve web performance and resiliency. Observatory centralizes RUM-focused Core Web Vitals, synthetic browser and network tests, error and cache telemetry, and delivers Smart Suggestions to pinpoint root causes and recommended fixes. Smart Shield offers one-click origin protections — dynamic caching, connection reuse, health monitoring and dedicated egress options — to reduce origin load and validate improvements in real time; both features are available to all plans, including Free.
read more →

Cloudflare AI Index: Site-Controlled Discovery and Monetization

🔍 Cloudflare is launching a private beta of AI Index, a per-domain, AI‑optimized search index that site owners control and can monetize via Pay per crawl and x402 integrations. The service automatically builds and maintains indexes and exposes standardized APIs — an MCP server, LLMs.txt, a search API, bulk transfer endpoints, and pub/sub subscriptions for real-time updates. It integrates with AI Crawl Control so owners can set access rules or opt out entirely.
read more →

Monitoring AS-SETs and Their Importance for BGP Operations

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.
read more →

Eliminating Cold Starts 2: Shard and Conquer Globally

🧊 Cloudflare describes a new Worker sharding technique that uses a consistent hash ring to route requests to existing Worker instances across a data center, reducing cold starts. The approach trades a sub-millisecond proxy hop for far fewer expensive cold starts, improving memory efficiency and latency. The system leverages Cap'n Proto RPC to implement optimistic forwarding, lazy capabilities, and seamless context transfer for nested Worker invocations.
read more →

Code Mode: Using MCP with Generated TypeScript APIs

🧩 Cloudflare introduces Code Mode, a new approach that converts Model Context Protocol (MCP) tool schemas into a generated TypeScript API so LLMs write code instead of emitting synthetic tool-call tokens. This lets models leverage broad exposure to real-world TypeScript, improving correctness when selecting and composing many or complex tools. Code Mode executes the generated code inside fast, sandboxed Cloudflare Workers isolates that expose only typed bindings to authorized MCP servers, preserving MCP's uniform authorization and discovery while reducing token overhead and orchestration latency.
read more →

Cloudflare network performance update — Birthday Week 2025

⚡Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.
read more →