All news with #cloudflare tag

Cloudflare Application Confidence Scores for AI Safety

🔒 Cloudflare introduces Application Confidence Scores to help enterprises assess the safety and data protection posture of third-party SaaS and Gen AI applications. Scores, delivered as part of Cloudflare’s AI Security Posture Management, use a transparent, public rubric and automated crawlers combined with human review. Vendors can submit evidence for rescoring, and scores will be applied per account tier to reflect differing controls across plans.

Cloudflare CASB API Scanning for ChatGPT, Claude, Gemini

🔒 Cloudflare One users can now connect OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini to Cloudflare's API CASB to scan GenAI tenants for misconfigurations, DLP matches, data exposure, and compliance risks without installing endpoint agents. The API CASB provides out-of-band posture and DLP analysis, while Cloudflare Gateway delivers inline prompt controls and Shadow AI identification. Integrations are available in the dashboard or through your account manager.

Cloudflare Launches AI Avenue: A Hands-On Miniseries

🤖 Cloudflare introduces AI Avenue, a six-episode miniseries and developer resource designed to demystify AI through hands-on demos, interviews, and real-world examples. Hosted by Craig alongside Yorick, a robot hand, the series increments Yorick’s capabilities—voice, vision, reasoning, learning, physical action, and speculative sensing—to show how AI develops and interacts with people. Each episode is paired with developer tutorials so both technical and non-technical audiences can experiment with the same tools featured on the show. Cloudflare also partnered with industry teams like Anthropic, ElevenLabs, and Roboflow to highlight practical, safe, and accessible applications.

Cloudflare AI Week 2025: Securing AI, Protecting Content

🔒 Cloudflare this week outlines a multi-pronged plan to help organizations build secure, production-grade AI experiences while protecting original content and infrastructure. The company will roll out controls to detect Shadow AI, enforce approved AI toolchains, and harden models against poisoning or misuse. It is expanding Crawl Control for content owners and enhancing the AI Gateway with caching, observability, and framework integrations to reduce risk and operational cost.

MoQ: A unified, low-latency media relay on QUIC at scale

🔁 Cloudflare announces the first Media over QUIC (MoQ) relay network, built on a modern transport to unify ingest and delivery for real-time media. MoQ — an open IETF protocol developed alongside vendors like Meta, Google, and Cisco — treats media as named, subscribable tracks and forwards immutable wire Objects via relays without transcoding. The design leverages QUIC features such as no head-of-line blocking, connection migration, and 0-RTT resumption to deliver sub-second latency at broadcast scale, while simplifying architectures that previously required many disparate protocols.

ClickFix Campaign Delivers CORNFLAKE.V3 Backdoor via Web

🛡️ Mandiant observed a campaign using the ClickFix social‑engineering lure to trick victims into copying and running PowerShell commands via the Windows Run dialog, yielding initial access tracked as UNC5518. That access is monetized and used by other groups to deploy a versatile backdoor, CORNFLAKE.V3, in PHP and JavaScript forms. CORNFLAKE.V3 supports HTTP-based payload execution, Cloudflare-tunneled proxying and registry persistence; researchers recommend disabling Run where possible, tightening PowerShell policies and increasing logging and user training to mitigate the risk.

Gamaredon 2024: Enhanced Spearphishing vs Ukrainian Targets

🔍 ESET Research describes Gamaredon’s 2024 shift to exclusively target Ukrainian government institutions, significantly increasing spearphishing scale and frequency while adopting new delivery techniques such as malicious hyperlinks and LNK files served from Cloudflare domains. The group introduced six new PowerShell and VBScript-based tools and upgraded existing implants with improved obfuscation, registry-based persistence, and stealth features. Operators have largely hidden C2 infrastructure behind Cloudflare tunnels and increasingly rely on third-party platforms and DoH for resilience.

0ktapus Phishing Campaign Compromises 130+ Firms Worldwide

🔐 Researchers link a sprawling phishing campaign to the 0ktapus threat group, which spoofed Okta authentication pages and induced employees to submit credentials and MFA codes. The operation hit more than 130 organizations and led to 9,931 compromised accounts, with targeted activity against Twilio and Cloudflare staff. Group-IB reports 5,441 harvested MFA codes and urges URL vigilance, better password hygiene and adoption of FIDO2 security keys.