<ciso brief />

All news with #cloudflare tag

286 articles · page 7 of 15

Moltworker: Self-Hosted AI Agent on Cloudflare Edge

🤖 Cloudflare published Moltworker, an adaptation of the open-source Moltbot personal AI agent designed to run on the Cloudflare Developer Platform instead of dedicated local hardware. The implementation combines Workers, the Sandbox SDK, Browser Rendering, and R2 to run agent workloads at the edge with controlled persistence. Integration with AI Gateway adds centralized observability, BYOK support, unified billing and fallback behavior. The repo is open-source and the project is presented as a proof-of-concept that requires a paid Workers plan.

Building a Serverless Post-Quantum Matrix Homeserver

🔒 Cloudflare ported a Matrix homeserver to Cloudflare Workers as a proof-of-concept, combining edge execution with built-in post-quantum TLS to reduce operational burden. The implementation remaps traditional components — Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects — to provide strong consistency where needed and near-zero idle cost. End-to-end encryption remains client-side via Megolm, so Workers terminate TLS but only handle ciphertext. The result is a low-latency, easy-to-deploy homeserver with automatic DDoS protection and request-based pricing.

Serverless Matrix Homeserver on Cloudflare Workers Experiment

🔒 Cloudflare describes a proof-of-concept Matrix homeserver implemented on Cloudflare Workers, porting core logic from Synapse to a TypeScript service. By mapping Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects, the architecture removes much of the traditional operational burden. The Worker preserves full Matrix E2EE (Megolm) while TLS automatically negotiates a post-quantum hybrid key agreement (X25519MLKEM768), delivering lower latency, usage-based cost scaling, and global distribution.

Cloudflare IPv6 route leak from router misconfiguration

⚠️ Cloudflare disclosed that a policy misconfiguration on a router caused a 25-minute Border Gateway Protocol (BGP) route leak for IPv6 traffic on January 22, producing congestion, packet loss, and roughly 12 Gbps of dropped traffic. The change removed specific prefix filters and made export rules overly permissive, redistributing internal IPv6 routes externally from Miami. Engineers detected and manually reverted the change, paused automation, and restored normal operations within 25 minutes. Cloudflare says it will add stricter export safeguards, CI/CD policy checks, improved detection, and promote RPKI ASPA adoption.

Q4 2025 Internet Disruptions: Causes and Impact Overview

🌐 In Q4 2025 Cloudflare observed over 180 Internet disruptions worldwide driven by government-directed shutdowns, submarine cable cuts, power failures, extreme weather, military action, and technical faults at operators and hyperscalers. Significant incidents included a Tanzania shutdown, multiple fiber and submarine cable outages affecting Haiti, Pakistan, Cameroon and the Dominican Republic, and catastrophic cyclone damage in Sri Lanka and Indonesia. Several provider-side and hyperscaler incidents also reduced availability for many sites and applications, while two Cloudflare-specific outages impacted service for subsets of customers. Verified anomalies and outage details are tracked in Cloudflare Radar and available via the Radar API.

January 22, 2026 IPv6 BGP Route Leak from Miami Data Center

⚠️ On January 22, 2026, an automated routing policy change caused Cloudflare to unintentionally advertise IPv6 routes from a Miami router for 25 minutes. The misconfiguration accepted internal IBGP routes and redistributed them to peers and transit providers, funneling non-Cloudflare traffic into Miami and causing congestion, elevated packet loss, and higher latency on backbone links. Firewall filters on the router discarded around 12 Gbps of ingress traffic for those non-downstream prefixes. Cloudflare paused automation, reverted the change, restored normal operation, and apologized to affected users, customers, and external networks.

Cloudflare Fixes ACME Validation Bug Exposing Origins

🔒 Cloudflare patched a vulnerability in its ACME HTTP-01 validation logic that could allow requests to bypass WAF protections and reach customer origin servers. Discovered by FearsOff in October 2025, the flaw arose when edge logic disabled WAF handling for requests matching an ACME challenge token without confirming the token belonged to the requested hostname. Cloudflare said it found no evidence of exploitation and implemented a code change on October 27, 2025 to only disable WAF features when the token is a valid challenge for that specific hostname.

ACME HTTP-01 Path Flaw Temporarily Disabled WAF Rules

🔒 Cloudflare patched a logic flaw in its ACME HTTP-01 handling that could disable certain WAF protections for specific challenge paths. The issue was reported by researchers from FearsOff through Cloudflare’s bug bounty program on October 13, 2025, and affected requests to /.well-known/acme-challenge/*. In some cases, challenge requests could reach customer origins when they should have been blocked because WAF features were incorrectly disabled. Cloudflare implemented a code change to ensure WAF disabling only occurs when Cloudflare will serve a valid ACME challenge response; no customer action is required and there is no known abuse.

Astro Joins Cloudflare to Accelerate Web Development

🚀 Cloudflare has acquired The Astro Technology Company and will integrate the Astro web framework into its platform while keeping the project open source under the MIT license. All full-time Astro employees have joined Cloudflare and the company pledges continued support for the Astro Ecosystem Fund alongside partners. Astro 6 is in public beta, featuring a redesigned development server built on the Vite Environments API, stable Live Content Collections, improved Content Security Policy support, and simpler APIs.

Cloudflare Acquires Human Native to Improve AI Data Access

🤝 Cloudflare has acquired Human Native, a UK AI data marketplace that converts multimedia into licensed, structured datasets for AI developers. The team will help Cloudflare expand tools like AI Crawl Control, Pay Per Crawl and the AI Index, enabling publishers to expose structured updates and control access. It emphasizes licensed, high-quality data, creator compensation and greater control over how content is used by AI systems.

CNAME and A Record Order Ambiguity Causes DNS Failures

⚠️ On January 8, 2026, a memory-optimizing change to Cloudflare’s 1.1.1.1 resolver inadvertently reordered DNS answer records, placing CNAMEs after final A/AAAA answers and triggering widespread resolution failures. The bug primarily affected clients that parse answers sequentially—most notably glibc getaddrinfo and certain Cisco switch firmware—resulting in failed lookups and reboot loops in some devices. Cloudflare reverted the change promptly and has drafted an IETF Internet‑Draft to clarify expected answer ordering.

Iran Protests Trigger Nationwide Internet Shutdown

🌐 Cloudflare observed a near-total Internet blackout in Iran beginning on January 8, 2026, as national traffic fell to effectively zero in a matter of hours. Measured indicators included a 98.5% reduction in announced IPv6 address space and rapid losses at major providers such as MCCI, IranCell, and TCI. Brief, localized restorations — including access to Cloudflare’s 1.1.1.1 resolver and several university networks — were transient. Cloudflare continues to monitor the situation through Cloudflare Radar and will report updates.

BGP Route Leak in Venezuela: Analysis of AS8048 Event

🔍 Cloudflare analyzed a BGP route leak observed on January 2 involving AS8048 (CANTV) redistributing prefixes originated by AS21980 (Dayco Telecom) via upstreams including AS6762 (Sparkle) and AS52320 (V.tal/GlobeNet). The pattern — with eleven similar events since December, heavy AS prepending, and an upstream provider relationship — suggests misconfigured export/import policies rather than deliberate interception. ROV would not have prevented this path-based leak; adoption of ASPA, RFC9234/OTC, and Peerlock-style checks is recommended to mitigate future leaks.

How Cloudflare Workers Power Our Maintenance Scheduler

🧠 Cloudflare built a centralized maintenance scheduler on Workers to automatically enforce safety constraints across 330+ data centers, replacing error-prone manual coordination. The scheduler models infrastructure and product relationships as a typed graph, so Workers fetch only the relationships relevant to a maintenance request and avoid memory bloat. A layered fetch pipeline with request deduplication, an LRU in-memory cache, CDN caching and backoff retries reduced response payloads ~100x and drives ~99% cache hits for real-time checks.

Code Orange: Cloudflare’s Fail Small Resilience Plan

⚠️ Cloudflare has opened a company‑wide "Code Orange: Fail Small" initiative after two network incidents in November and December 2025 that disrupted customer traffic. The program prioritizes three workstreams: require controlled rollouts for configuration changes, review and harden failure modes across services, and overhaul break‑glass procedures to remove circular dependencies. Changes will be delivered iteratively, using existing Health Mediated Deployments (HMD) and updates to Quicksilver to stage and validate configuration updates before global propagation.

Cloudflare H1 2025 Transparency Report: Streaming and Blocking

🔍 Cloudflare’s H1 2025 transparency update explains how the company is evolving its approach to unauthorized streaming and related copyright claims, combining technical controls, automation, and partnerships with rightsholders. The post highlights a service-specific abuse model that treats hosted content differently from sites using Cloudflare’s CDN and security layers, and describes expanded use of APIs and automated detection. Cloudflare also reiterates its refusal to implement public DNS blocking while describing limited geoblocking in jurisdictions where orders meet human rights and proportionality tests.

R2 SQL Adds GROUP BY, SUM and Distributed Aggregations

📊 Cloudflare announces support for aggregations in R2 SQL, enabling GROUP BY, SUM, COUNT, HAVING and ORDER BY over data stored in R2 Data Catalog. The release introduces two distributed strategies — scatter-gather for pre-aggregates and shuffling with deterministic hash partitioning for global grouping and sorting. Developers can now run large-scale analytical queries and top-K reports on Parquet data without moving it or managing separate OLAP infrastructure.

Radar 2025 Year in Review: Top Internet Services and Trends

📊 Cloudflare’s Radar report summarizes the Top Internet Services of 2025 using anonymized DNS queries from the 1.1.1.1 resolver and a machine-learning ranking method. It highlights continued dominance by Google and Facebook, strong gains by generative AI like ChatGPT and emerging rivals, and regional shifts such as Kwai rising in emerging markets. The analysis spans nine categories and includes country-level Top 10s for local context. E-commerce momentum saw Shopee and Temu join Amazon in the global top three, while crypto, news, and streaming showed event-driven volatility.

React2Shell and RSC Vulnerabilities: Rapid Exploitation

🚨 Cloudflare's Cloudforce One team observed rapid scanning and exploitation attempts immediately after the public disclosure of React2Shell (CVE-2025-55182) on 2025-12-03. Attackers quickly integrated the unauthenticated RCE into automated reconnaissance using public asset discovery, Nuclei templates, and custom scanners to find exposed React Server Components. Cloudflare deployed Free and Paid WAF rules (default Block) and Worker-level protections while urging immediate patching. Telemetry showed millions of hits, diverse User-Agent fingerprints, and broad payload experimentation.

Shifting Left at Enterprise Scale for Cloudflare Governance

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.