
All news with #cloudflare tag

286 articles · page 6 of 15

Chrome adopts Merkle Tree Certificates for quantum HTTPS

🔐 Chrome has launched an initiative to protect HTTPS from future quantum threats by redesigning certificate mechanics with Merkle Tree Certificates (MTCs). Rather than enlarging X.509 certificates, MTCs use compact Merkle proofs and a single signed tree head to authenticate sites, reducing TLS handshake data and embedding transparency into issuance. Chrome is testing MTCs with Cloudflare and plans a phased rollout through 2027.

Modernize Networking with Agile, Composable SASE Platform

🚀 Organizations are rethinking the corporate network as perimeter-less and AI-driven, and Cloudflare argues that an agile SASE approach is required to escape legacy fragmentation and operational silos. Cloudflare One is promoted as a composable, single-pass SASE platform built on a global network that runs concurrent security checks to eliminate service-chaining and enable consistent, enforceable policy. This week Cloudflare will publish technical deep-dives across identity, AI-driven signal processing, the autonomous edge, and unified enterprise modernization, and recommends incremental adoption starting with remote access, email protection, DNS filtering, and safe AI governance.

Project Helix: Automated Cloudflare One Onboarding

🧭 Project Helix automates onboarding for Cloudflare One, converting deployment expertise into reusable, language-aware Terraform templates and a Cloudflare Workers UI. In minutes, tenants receive baseline DNS, network, and HTTP security policies, TLS inspection options, and granular SaaS tenant controls. Administrators can toggle recommended protections to deploy consistent, error‑free configurations quickly.

Programmable SASE: Cloudflare Enables Real-Time Policies

🔧 Cloudflare outlines a truly programmable SASE that lets customers run real-time, inline logic at the edge to make decisions rather than just trigger alerts. Beyond basic APIs, webhooks, and Terraform, Cloudflare One and the Developer Platform enable invoking Workers on policy matches to enrich requests, call risk engines, inject headers, and route traffic with millisecond latency. The post describes managed and custom actions, demonstrates an automated device session revocation Worker, and previews deeper integration and custom action support through 2026.

Toxic combinations: small signals leading to incidents

🔍 Cloudflare describes how dispersed, low‑severity signals can combine into a full security incident termed “toxic combinations.” Using network-wide telemetry, Cloudflare correlates bot indicators, sensitive paths, anomalies, and misconfigurations to detect multi-step reconnaissance and exploitation before a clear exploit appears. The post outlines concrete detection queries and practical mitigations — from WAF rules and Zero Trust controls to API authentication and debug flag hygiene.

A Better Streams API: Simpler, Faster Web Streaming

🔧 Cloudflare critiques the WHATWG Web Streams design and presents a proof-of-concept alternative built around async iterables. The post catalogs practical pain points — reader locking, BYOB complexity, fragile backpressure, and heavy promise overhead — that drive implementation complexity and runtime fragmentation. The proposed model favors pull-through transforms, explicit backpressure policies, batched byte chunks, and synchronous fast paths. Benchmarks in the write-up report 2x–120x improvements in some scenarios, and a reference implementation is published for exploration.

Redesigning Turnstile and Challenge Pages at Cloudflare

🔐 Cloudflare describes a comprehensive redesign of its Turnstile widget and full-page Challenge Pages, interfaces that are served billions of times per day. After a detailed audit and international user testing, the team consolidated inconsistent error states into a single information architecture and simplified messaging to reduce user friction. The refresh emphasizes AAA accessibility (WCAG 2.2 AAA), clearer in-widget troubleshooting, consistent localization across 40+ languages, and subtle visual cues that lower abandonment without weakening security.

Cloudflare Radar: origin PQ, Key Transparency, ASPA

🔐 Cloudflare Radar is adding three security-focused datasets and tools: origin-facing post-quantum (PQ) monitoring, a Key Transparency dashboard for E2EE messaging logs, and enhanced RPKI ASPA adoption tracking. The origin feature reports support for X25519MLKEM768 using an automated TLS scanner and provides an on-demand hostname tester that performs real TLS handshakes via Cloudflare Containers. Key Transparency publishes auditor verification status and APIs for independent proof checks, while routing pages gain global, country, and per-AS ASPA views together with API access for integrations.

ASPA Deployment and Roadmap for More Secure Routing

🔒 ASPA (Autonomous System Provider Authorization) introduces cryptographic path validation to reduce route leaks by allowing networks to publish signed lists of authorized upstream providers in RPKI. Unlike ROAs, which verify prefix origins, ASPA validates the AS_PATH and detects routing "valleys" that indicate leaks. Cloudflare Radar now tracks ASPA adoption across RIRs and provides per‑AS visibility so operators can see whether observed upstreams are ASPA‑authorized and monitor changes over time.

Cloudflare One delivers post-quantum SASE with ML-KEM

🔐 Cloudflare One is the first SASE platform to deliver standards-compliant post-quantum encryption across Secure Web Gateway, Zero Trust, and WAN services. It implements hybrid ML-KEM across TLS, MASQUE and IPsec on- and off-ramps and upgraded the Cloudflare One Appliance (v2026.2.0 GA). Cloudflare IPsec support for hybrid ML-KEM is in closed beta—contact pq-wan@cloudflare.com for access.

Cloudflare BYOIP BGP Withdrawal Outage — February 20, 2026

⚠️ On February 20, 2026, Cloudflare introduced a change to how it manages BYOIP addresses; the change caused a cleanup sub-task to erroneously withdraw customer prefixes via BGP, producing connectivity failures for affected customers. About 1,100 prefixes (≈25% of BYOIP prefixes on the peer) were withdrawn, including a subset of one.one.one.one. Engineers reverted the change, restored configurations, and resolved the incident in roughly six hours; Cloudflare confirmed the issue was not due to malicious activity.

Cloudflare's Code Mode MCP Server for Scalable APIs

🧰 Cloudflare introduces a new MCP server that uses Code Mode to expose the entire Cloudflare API through just two tools, search() and execute(). By letting agents write compact JavaScript against a typed OpenAPI spec and executing it inside a sandboxed Dynamic Worker, the server dramatically reduces model context token use. The footprint remains fixed regardless of API size, enabling progressive discovery, OAuth 2.1 downscoping, and safe execution for agents.

Ecdysis: Rust Library for Zero‑Downtime Graceful Restarts

🔁 ecdysis is a Cloudflare open-source Rust library that enables graceful process restarts without dropping live connections or refusing new connections. It uses a fork-then-exec model with inherited listening sockets and a readiness handshake so the new process can initialize safely. The design provides crash safety during upgrades and prevents gaps where the kernel would refuse connections. The library integrates with Tokio and systemd and has been production-proven since 2021, saving millions of requests across Cloudflare’s global network.

Cloudflare launches Markdown for Agents to optimize AI

📝 Cloudflare has introduced Markdown for Agents, an edge feature that converts HTML to Markdown in real time when a client requests text/markdown via content negotiation. The service returns a markdown body, a content-type of text/markdown, and an x-markdown-tokens header estimating token count to help with chunking and context-window planning. Converted responses also include a Content-Signal header (ai-train=yes, search=yes, ai-input=yes) to indicate permitted downstream uses. The feature is available in Beta at no additional cost for Pro, Business, Enterprise and SSL for SaaS customers.

AISURU/Kimwolf Botnet Launches Record 31.4 Tbps DDoS

🚨 Cloudflare attributed a record hyper‑volumetric HTTP DDoS to the AISURU/Kimwolf botnet that peaked at 31.4 Tbps and lasted 35 seconds in November 2025. The group was also linked to a campaign codenamed The Night Before Christmas, which began on December 19, 2025, and produced averages near 3 Bpps, 4 Tbps and 54 Mrps. Google and Cloudflare disrupted the IPIDEA residential proxy network used to recruit more than 2 million Android devices.

2025 Q4 DDoS Report: Record 31.4 Tbps Attack and Botnet

🛡️ Cloudflare's 24th Quarterly DDoS Threat Report documents a record-setting 2025 capped by a 31.4 Tbps attack and a late-December campaign from the Aisuru-Kimwolf botnet. The firm observed a 121% year-over-year surge in DDoS activity, averaging 5,376 mitigations per hour and a tripling of network-layer assaults to 34.4 million. Hyper-volumetric HTTP floods—largely from infected Android TVs—peaked above 200 Mrps and targeted telcos, gaming, and AI providers, while Cloudflare's autonomous defenses automatically detected and mitigated these incidents.

Cloudflare R2 Local Uploads: Faster Global Write Performance

🚀 Cloudflare has launched R2 Local Uploads in open beta to speed global writes by first writing object data to storage near the client and then asynchronously replicating it to the bucket's home region. Uploads remain strongly consistent and immediately accessible after the initial write, and private-beta tests show up to a 75% reduction in Time to Last Byte for cross-region uploads. Enable Local Uploads via the Cloudflare Dashboard or with Wrangler; there is no additional charge beyond standard Class A operation costs.

Google's AI crawler policy and publisher control debate

⚖️ Cloudflare welcomes the UK CMA’s consultation on proposed conduct requirements for Google but argues the measures do not go far enough to protect publishers and competition. Cloudflare’s analysis shows Googlebot accesses substantially more unique pages than other AI crawlers, giving Google an entrenched advantage that can undercut publisher revenue. The company urges mandatory crawler separation so sites can permit search indexing while blocking use of content for generative AI, restoring publisher choice and enabling fairer market competition.

Cloudflare introduces Vertical Microfrontends template

🔀 Cloudflare released a Worker template for Vertical Microfrontends, enabling multiple independent Cloudflare Workers to serve a single domain by mapping routes (e.g., /docs, /dash) to distinct teams. The Router Worker leverages service bindings to call specific Workers, rewrites asset paths with HTMLRewriter, and can inject CSS view transitions plus speculation-rule preloads to create seamless, preloaded navigation. Teams keep full stack autonomy while users experience a unified application.

Aisuru Botnet Launches Record 31.4 Tbps DDoS Attack

🔴 Cloudflare says the Aisuru/Kimwolf botnet launched a record DDoS campaign on December 19 that peaked at 31.4 Tbps and about 200 million requests per second. The attacks, dubbed The Night Before Christmas, targeted telecommunications and IT providers and hit Cloudflare’s dashboard and infrastructure. Sources were identified as compromised Android TVs rather than typical IoT routers, and most bursts lasted one to two minutes. Cloudflare reports the attacks were detected and mitigated automatically without triggering internal alerts.