<ciso brief />

All news with #cloudflare tag

286 articles · page 4 of 15

AitM Phishing Campaign Targets TikTok for Business

🔒 Push Security warns of an adversary-in-the-middle (AitM) phishing campaign that seizes control of TikTok for Business accounts by presenting victims with malicious credential-capture pages after a Cloudflare Turnstile check. Lures include lookalike TikTok for Business and fake Google Careers pages, sometimes offering scheduled calls to gain trust. The attackers host pages on multiple domains and use the Turnstile challenge to evade automated scanners. Separately, WatchGuard reported SVG attachments used to deliver a Go-based malware artifact linked to BianLian-style activity.

Phishing Campaign Targets TikTok for Business Accounts

🔒 Threat actors are targeting TikTok for Business accounts with Cloudflare-hosted phishing pages that evade bot detection by using Google Storage redirects and a Cloudflare Turnstile check. Victims first see fake forms that request business-email validation and are then shown a reverse-proxy login page that captures credentials and session cookies, allowing account takeover even with 2FA enabled. Push Security links the activity to a campaign that previously targeted Google Ad Manager and notes multiple NiceNIC-registered domains hosted in the same Google Storage bucket. Users should verify domains, treat unsolicited invites cautiously, and prefer passkeys for high-value accounts.

Dynamic Workers: Cloudflare's Fast JavaScript Sandboxes

🚀 Cloudflare's Dynamic Worker Loader API enables Workers to instantiate isolated JavaScript sandboxes at runtime, letting LLM-generated code run securely and on-demand. Using lightweight V8 isolates rather than containers, Dynamic Workers start in milliseconds, are far more memory efficient, and scale across Cloudflare's edge. The feature supports TypeScript RPC interfaces, credential injection for outbound HTTP, and helper libraries for bundling, virtual filesystems, and Code Mode integration.

Cloudflare Gen 13 Server: Higher Density, Efficiency

🔧 Cloudflare’s Gen 13 platform pairs its Rust-based FL2 software rewrite with a redesigned server built around the 192-core AMD EPYC 9965, 768 GB DDR5-6400, PCIe 5.0 NVMe storage, and dual 100 GbE networking. The new configuration targets up to 2x throughput versus Gen 12 while improving performance-per-watt by up to 50% and increasing per-rack throughput. Gen 13 also adds PCIe encryption, expanded NVMe capacity and front-bay U.2 options, and support for two double-width PCIe accelerators to future-proof deployments.

Cloudflare Gen 13: Turin Servers and FL2 Double Edge Compute

🚀 Cloudflare announces Gen 13 servers based on AMD EPYC™ 5th Gen Turin and the new Rust-based FL2 request layer. Turin delivers up to 192 cores and improved IPC but reduces per-core L3 cache; FL1's cache-heavy design produced unacceptable latency at high utilization. By rewriting the serving stack, Cloudflare unlocks up to 2x throughput over Gen 12 and up to 50% better performance-per-watt while keeping latency within SLAs.

DoJ Disrupts 3 Million-Device IoT Botnets Behind 31.4 Tbps

🔒 The U.S. Department of Justice announced a court-authorized operation that disrupted command-and-control infrastructure used by multiple IoT Mirai variants, including AISURU, Kimwolf, JackSkid, and Mossad. Authorities from Canada and Germany, assisted by major vendors such as AWS, Cloudflare, and Akamai, helped dismantle networks that collectively enslaved roughly 3 million devices and enabled record-breaking DDoS attacks exceeding 30 Tbps. The action seeks to curb a cybercrime-as-a-service market that sold access to compromised DVRs, webcams, routers, and off-brand Android TVs.

Cloudflare Workers AI Adds Frontier Open-Source Models

🤖 Cloudflare’s Workers AI now hosts frontier open-source models, beginning with Kimi K2.5, a 256k-context model that supports multi-turn tool calling, vision inputs, and structured outputs. The release enables organizations to run full agent lifecycles on Cloudflare’s Developer Platform, leveraging primitives like Durable Objects and Workflows. Cloudflare emphasizes improved price-performance, prefix caching, a session-affinity header, and a redesigned asynchronous API to lower latency and inference costs for agentic workloads.

Cloudflare Introduces Custom Regions for Data Control

🔒 Cloudflare expands Regional Services with Custom Regions, enabling customers to define precise geographic boundaries for TLS termination and Layer 7 processing. The update also adds Cloudflare-managed regions for Turkey, the UAE, IRAP (Australia) and ISMAP (Japan). Custom Regions use expressions like country_code to build membership sets, enabling localized AI inference, targeted campaigns, government deployments, and corporate-aligned governance while retaining global L3/L4 DDoS protection.

Cloudflare Challenges Italy's Piracy Shield Scheme

🛡️ Cloudflare is contesting Italy’s Piracy Shield, a regulator-run portal that requires rapid blocking of sites nominated by unnamed media companies, after refusing to register and being fined €14 million. The company says the system lacks due process, transparency, and judicial oversight, routinely causes overblocking, and conflicts with the Digital Services Act. Cloudflare has appealed the fine, sought disclosure of enforcement records, and is pursuing remedies in Italian courts and with EU authorities. It warns the scheme endangers global Internet infrastructure and user rights.

From Legacy VPNs to Agile SASE: De-risking Zero Trust

🔁 Cloudflare and CDW present a pragmatic, phased approach to migrate from legacy VPNs to a SASE-based Zero Trust architecture, prioritizing coexistence over disruptive cutovers. Their methodology uses a risk-aware, tiered application classification and Cloudflare Access wrapping to add SSO, MFA, and outbound-only tunnels without rewriting legacy code. The approach couples a pre-migration audit with staged pilots and dual-client rollouts to preserve service continuity and provide rollback paths.

Cloudflare Unveils Account Abuse Protection Suite Now

🔒 Cloudflare today introduced Account Abuse Protection, a suite of fraud-prevention tools that stop fraudulent account creation and takeovers by evaluating authenticity beyond automation signals. The suite combines leaked credential checks and ATO detections with new Disposable email and Email risk scoring plus Hashed User IDs for per-account visibility while preserving privacy. Available in Early Access to Bot Management Enterprise customers, these controls integrate into Security analytics and Security rules to add friction at signup and investigate account-level abuse.

Cloudflare AI Security for Apps Now Generally Available

🛡️ Cloudflare’s AI Security for Apps is now generally available, providing discovery, detection, and mitigation tailored for AI-powered web endpoints. The release introduces custom topics detection and enhanced prompt extraction to spot business-specific sensitive content across varied JSON payloads. Cloudflare is making AI endpoint discovery free for all plans and couples detections with the WAF rule engine so teams can block, log, or return custom responses at the edge. Integrations with IBM Cloud and Wiz extend procurement and unified posture visibility for customers.

Cloudflare Returns RFC 9457 Structured Agent Errors

🤖 Cloudflare now returns RFC 9457-compliant Markdown and JSON error payloads to AI agents, replacing bulky HTML error pages with compact, machine-readable instructions. Agents requesting text/markdown or application/json receive a consistent schema with YAML frontmatter and explicit fields such as retryable, retry_after, and owner_action_required. This network-wide change is automatic for all 1xxx-class edge errors, reduces payload and token usage by ~98%, and preserves the traditional HTML experience for browsers.

Multi-vector attack forensics with Log Explorer platform

🔍 Cloudflare's Log Explorer centralizes 14 new datasets to give analysts correlated, edge-to-core telemetry for investigating multi-vector attacks. By combining HTTP requests, Firewall, Zero Trust access, IDS, DNS and gateway logs, teams can rapidly reconstruct reconnaissance, exploitation, and exfiltration chains. The platform reduces detection time and supports schema-driven ingestion for future data sources. It also improves ingestion latency and enables concurrent queries for faster, correlated forensics.

Cloudflare Security Overview: From Noise to Action Today

🔍 Cloudflare’s redesigned Security Overview dashboard helps security teams turn overwhelming telemetry into prioritized, actionable remediation. The interface introduces Security Action Items — ranked by Critical, Moderate, and Low — alongside a Detection Tools module that indicates whether protections are actively enforcing or left in "Log Only" mode. Suspicious Activity cards deep-link into Security Analytics to preserve filters and speed triage.

Cloudflare and Mastercard Add Attack Surface Intelligence

🔍 Cloudflare will integrate Mastercard’s RiskRecon into its Security Insights dashboard, enabling continuous discovery, monitoring, and remediation of Internet-facing blind spots with a preview for pay-as-you-go and Enterprise customers in Q3 2026. RiskRecon maps an organization's public internet footprint to reveal shadow IT, forgotten subdomains, and unprotected hosts that internal scans may miss. Cloudflare will surface criticality ratings for discovered hosts and guide remediation — for example by enabling the Cloudflare proxy, WAF, DDoS protection, and stronger TLS settings — so teams can prioritize and rapidly neutralize exposed risks.

Threat Actor Abuses .arpa Reverse DNS to Evade Detection

🛡️ Infoblox reports a novel phishing evasion technique that leverages the .arpa reverse-DNS namespace and IPv6-to-IPv4 tunneling to host malicious content on infrastructure-only names. The actor created forward A/AAAA records for reverse DNS names—using services tied to Hurricane Electric and Cloudflare—so links appear to originate from trusted infrastructure, bypassing reputation checks and many security controls. Clicks redirected victims to credential- and payment-stealing landing pages. Infoblox recommends audits, DNS restrictions, and targeted detection for ip6.arpa traffic.

Pingora HTTP/1.x Request Smuggling Fixes - 0.8.0 Patch

🔒 Cloudflare disclosed multiple HTTP/1.x request smuggling vulnerabilities in the open-source Pingora framework (CVE-2026-2833, CVE-2026-2835, CVE-2026-2836) that can desynchronize proxy and backend request framing when Pingora is used as an ingress proxy. The issues — reported by Rajat Raghav via Cloudflare’s bug bounty — allow bypass of proxy-layer checks, cross-user hijacking, or cache poisoning in exposed standalone deployments. Cloudflare confirmed its CDN and customer traffic were not affected and released fixes and hardening in Pingora 0.8.0. If you run Pingora as a proxy, upgrade to 0.8.0 as soon as possible.

Cloudflare Launches Web and API Vulnerability Scanner

🔍 Cloudflare today announced the beta of its Web and API Vulnerability Scanner, initially focused on detecting Broken Object Level Authorization (BOLA) in APIs. The scanner integrates with API Shield, leveraging passive schema learning and API discovery to construct stateful, credentialed tests without extensive setup. It builds automatic scan plans from OpenAPI specs, augments missing or ambiguous schema data using Workers AI, and can create owner and attacker request chains to detect logic flaws. Credential handling uses HashiCorp Vault Transit to encrypt secrets and Temporal for orchestration.

Vendors Race to Define Post-Quantum Cryptography Roadmap

🔐 Security vendors are reframing post-quantum cryptography (PQC) from a theoretical concern into an operational priority, emphasizing discovery, inventory, and crypto-agility across enterprise environments. Companies such as Palo Alto Networks, Cisco, and Cloudflare are packaging visibility, assessment, and compensating controls, while specialist firms like SandboxAQ deliver continuous monitoring via AQtive Guard. With NIST standards finalized and a 2030 readiness horizon, vendors stress phased migration and prioritization for long-lived sensitive data. The market is competitive as providers position to guide enterprises through complex modernization and legacy constraints.