All news with #cloudflare tag

Securing Agentic Commerce with Web Bot Auth and Payments

🔒 Cloudflare, in partnership with Visa and Mastercard, explains how Web Bot Auth together with payment-specific protocols can secure agent-driven commerce. The post describes agent registration, public key publication, and HTTP Message Signatures that include timestamps, nonces, and tags to prevent spoofing and replay attacks. Merchants can validate trusted agents during browsing and payment flows without changing infrastructure. Cloudflare also provides an Agent SDK and managed WAF rules to simplify developer adoption and deployment.

Global Smishing Campaign Targets Toll, Delivery, Services

🚨 Unit 42 attributes a widespread smishing campaign to the Smishing Triad that uses urgent SMS messages and realistic phishing pages to impersonate toll, delivery and other critical services. Since April 2024 the operation has registered and churned over 194,000 malicious domains and 136,900 root domains, leveraging a Hong Kong registrar while primarily hosting on U.S. cloud infrastructure. The campaign appears powered by a large phishing-as-a-service ecosystem and seeks PII, credentials and payment data. Advanced URL Filtering and Advanced DNS Security provide protections; contact Unit 42 Incident Response for urgent help.

DNS0.EU DNS Service Shuts Down Over Sustainability Concerns

🔒 The DNS0.EU non‑profit public DNS resolver announced an immediate shutdown, citing unsustainable time and resource constraints for its volunteer team. Launched in 2023 and operated from France with 62 servers across 27 cities in all EU member states, the service supported no‑logs policies and modern encrypted transports including DNS‑over‑HTTPS, DNS‑over‑TLS, and DNS‑over‑QUIC. The operators thanked partners and urged users to migrate to DNS4EU or NextDNS, both of which offer privacy protections and defenses against malicious domains.

Monitor Groups for Load Balancing: Multi-Service Health

🔍 Cloudflare introduces Monitor Groups for Load Balancing to assess application health across multiple dependent services rather than relying on a single probe. You can bundle up to five monitors, mark some as must_be_healthy (critical) or as monitoring_only (observational), and apply a quorum rule so transient failures don’t trigger global failover. Health checks run from dozens to hundreds of global data centers, creating a geographically distributed consensus. Available via API for Enterprise customers now, Dashboard access for all users is coming soon.

UNC5142 EtherHiding: Smart-Contract Malware Distribution

🔐 Since late 2023, Mandiant and the Google Threat Intelligence Group tracked UNC5142, a financially motivated cluster that compromises vulnerable WordPress sites to distribute information stealers. The actor's CLEARSHORT JavaScript loader uses Web3 to query smart contracts on the BNB Smart Chain that store ABIs, encrypted landing pages, AES keys, and payload pointers. By employing a three-contract Router-Logic-Storage design and abusing legitimate hosting (Cloudflare Pages, GitHub, MediaFire), operators can rotate lures and update payload references on-chain without changing injected scripts, enabling resilient, low-cost campaigns that GTIG found on ~14,000 injected pages by June 2025 and which showed no on-chain updates after July 23, 2025.

LastPass: Phishing campaign impersonates product, warns users

🔒 LastPass has confirmed it was not breached after detecting a targeted phishing campaign that mimicked its branding. The emails used the subject line "We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security" and came from spoofed senders such as hello@lastpasspulse.blog and hello@lastpassgazette.blog. Links in the messages redirected recipients to phishing sites (lastpassdesktop.com and lastpassgazette.blog), and attackers have also registered lastpassdesktop.app for potential follow-ups. Cloudflare is displaying warnings and LastPass said it is working to have the malicious domains taken down.

Cloudflare addresses Workers CPU benchmark disparities

🔍 Cloudflare investigated an independent October benchmark comparing server-side JavaScript performance between Cloudflare Workers and Vercel, which initially showed Workers up to 3.5x slower. The company found multiple causes — scheduling heuristics, outdated V8 garbage-collector tuning, and framework-level inefficiencies in OpenNext/Next.js — and implemented fixes. Most changes are live and yield parity with Vercel across nearly all tested cases, with further work planned to close the remaining Next.js gap.

Cloudflare Launches REACT: Unified Incident Response

🔒 Cloudflare today introduces REACT, a new incident response and advisory service from Cloudforce One designed to bridge the gap between edge defenses and in‑network remediation. REACT combines proactive advisory work—threat hunting, tabletop exercises, and readiness assessments—with emergency incident response and retainer options for guaranteed availability. As a network‑native, vendor‑agnostic service, REACT can deploy mitigations at the Cloudflare edge and coordinate investigations across on‑premise, cloud, and hybrid environments.

Hackers Inject Redirecting JavaScript via WordPress Themes

🔒 Security researchers warn of an active campaign that modifies WordPress theme files (notably functions.php) to inject malicious JavaScript that redirects visitors to fraudulent verification and malware distribution pages. The injected loader uses obfuscated references to advertising services but posts to a controller domain that serves a remote script from porsasystem[.]com and an iframe mimicking Cloudflare assets. The activity has ties to the Kongtuke traffic distribution system and highlights the need to patch themes, enforce strong credentials, and scan for persistent backdoors.

Payload CMS on Cloudflare Workers with D1 and R2 Support

🧩 Deploy Payload to Cloudflare Workers in one click with a template that provisions D1 and R2 bindings. The Payload team ported the project to OpenNext and implemented custom adapters: a Drizzle-based adapter that maps D1 results for SQLite compatibility and an R2 storage adapter that uses bindings to avoid token management. They used Wrangler remote bindings for migrations and applied Hyperdrive and D1 read replicas to cut latency and improve global read performance.

Nationwide Internet Shutdown in Afghanistan Extended

🌐 Cloudflare observed a nationwide Internet shutdown in Afghanistan on 29 September 2025 that began with a brief fixed-line interruption around 11:30 UTC and escalated to a full fiber-optic cut shortly after 12:30 UTC. HTTP requests, DNS queries (1.1.1.1) and total bytes dropped to zero at a national level, while mobile providers showed brief, partial connectivity. The outage removed the majority of announced IPv4 and IPv6 prefixes and threatens banking, customs, emergency communications, television and radio services.

Cloudflare Birthday Week 2025: Product and Policy Recap

🚀 Cloudflare’s Birthday Week 2025 summarized a broad set of product, policy, and community initiatives designed to strengthen the open Internet and prepare for AI-era and quantum threats. Highlights included a goal to hire 1,111 interns in 2026, new startup hubs, and expanded free developer access for students and non‑profits, plus sponsorships of open-source projects like Ladybird and Omarchy. Technical announcements ranged from post‑quantum upgrades and a Rust-based core proxy to R2 SQL, the Cloudflare Data Platform, Workers performance and security hardening, and new AI safety and bot-management tools.

Weekly Recap: Cisco 0-day, Record DDoS, New Malware

🛡️ Cisco firewalls were exploited in active zero-day attacks that delivered previously undocumented malware families including RayInitiator and LINE VIPER by chaining CVE-2025-20362 and CVE-2025-20333. Infrastructure and cloud environments faced major pressure this week: Cloudflare mitigated a record 22.2 Tbps DDoS while misconfigured Docker instances enabled ShadowV2 bot operations. Researchers also disclosed Supermicro BMC flaws that could allow malicious firmware implants, and ransomware actors increasingly abuse exposed AWS keys. Prioritize patching, firmware updates, and cloud identity hygiene now.

Cloudflare FL2: Rust Rewrite Cuts Latency and Boosts CDN

🚀 Cloudflare announced FL2, a complete reimplementation of its FL request-processing layer using Rust and the Oxy framework. FL2 adopts strict modular phases, eliminates cross-language overhead, and supports graceful restarts with systemd socket activation and the Rust-based shellflip coordinator. Internal and third-party tests show FL2 reduces median response times by ~10 ms and delivers a ~25% performance improvement; staged rollouts, automated testing, and fallbacks to FL1 enabled safe incremental migration.

Cloudflare launches Observatory and Smart Shield tools

🚀 Cloudflare today launched Observatory (open beta) and Smart Shield, integrated tools that combine real-user monitoring, synthetic testing, backend telemetry and prescriptive remediation to help teams measure and improve web performance and resiliency. Observatory centralizes RUM-focused Core Web Vitals, synthetic browser and network tests, error and cache telemetry, and delivers Smart Suggestions to pinpoint root causes and recommended fixes. Smart Shield offers one-click origin protections — dynamic caching, connection reuse, health monitoring and dedicated egress options — to reduce origin load and validate improvements in real time; both features are available to all plans, including Free.

Cloudflare AI Index: Site-Controlled Discovery and Monetization

🔍 Cloudflare is launching a private beta of AI Index, a per-domain, AI‑optimized search index that site owners control and can monetize via Pay per crawl and x402 integrations. The service automatically builds and maintains indexes and exposes standardized APIs — an MCP server, LLMs.txt, a search API, bulk transfer endpoints, and pub/sub subscriptions for real-time updates. It integrates with AI Crawl Control so owners can set access rules or opt out entirely.

Monitoring AS-SETs and Their Importance for BGP Operations

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.

Eliminating Cold Starts 2: Shard and Conquer Globally

🧊 Cloudflare describes a new Worker sharding technique that uses a consistent hash ring to route requests to existing Worker instances across a data center, reducing cold starts. The approach trades a sub-millisecond proxy hop for far fewer expensive cold starts, improving memory efficiency and latency. The system leverages Cap'n Proto RPC to implement optimistic forwarding, lazy capabilities, and seamless context transfer for nested Worker invocations.

Code Mode: Using MCP with Generated TypeScript APIs

🧩 Cloudflare introduces Code Mode, a new approach that converts Model Context Protocol (MCP) tool schemas into a generated TypeScript API so LLMs write code instead of emitting synthetic tool-call tokens. This lets models leverage broad exposure to real-world TypeScript, improving correctness when selecting and composing many or complex tools. Code Mode executes the generated code inside fast, sandboxed Cloudflare Workers isolates that expose only typed bindings to authorized MCP servers, preserving MCP's uniform authorization and discovery while reducing token overhead and orchestration latency.

Cloudflare network performance update — Birthday Week 2025

⚡Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.