< ciso
brief />
Tag Banner

All news with #cloudflare tag

318 articles · page 9 of 16

Astro Joins Cloudflare to Accelerate Web Development

🚀 Cloudflare has acquired The Astro Technology Company and will integrate the Astro web framework into its platform while keeping the project open source under the MIT license. All full-time Astro employees have joined Cloudflare and the company pledges continued support for the Astro Ecosystem Fund alongside partners. Astro 6 is in public beta, featuring a redesigned development server built on the Vite Environments API, stable Live Content Collections, improved Content Security Policy support, and simpler APIs.
read more →

Cloudflare Acquires Human Native to Improve AI Data Access

🤝 Cloudflare has acquired Human Native, a UK AI data marketplace that converts multimedia into licensed, structured datasets for AI developers. The team will help Cloudflare expand tools like AI Crawl Control, Pay Per Crawl and the AI Index, enabling publishers to expose structured updates and control access. It emphasizes licensed, high-quality data, creator compensation and greater control over how content is used by AI systems.
read more →

CNAME and A Record Order Ambiguity Causes DNS Failures

⚠️ On January 8, 2026, a memory-optimizing change to Cloudflare’s 1.1.1.1 resolver inadvertently reordered DNS answer records, placing CNAMEs after final A/AAAA answers and triggering widespread resolution failures. The bug primarily affected clients that parse answers sequentially—most notably glibc getaddrinfo and certain Cisco switch firmware—resulting in failed lookups and reboot loops in some devices. Cloudflare reverted the change promptly and has drafted an IETF Internet‑Draft to clarify expected answer ordering.
read more →

Iran Protests Trigger Nationwide Internet Shutdown

🌐 Cloudflare observed a near-total Internet blackout in Iran beginning on January 8, 2026, as national traffic fell to effectively zero in a matter of hours. Measured indicators included a 98.5% reduction in announced IPv6 address space and rapid losses at major providers such as MCCI, IranCell, and TCI. Brief, localized restorations — including access to Cloudflare’s 1.1.1.1 resolver and several university networks — were transient. Cloudflare continues to monitor the situation through Cloudflare Radar and will report updates.
read more →

BGP Route Leak in Venezuela: Analysis of AS8048 Event

🔍 Cloudflare analyzed a BGP route leak observed on January 2 involving AS8048 (CANTV) redistributing prefixes originated by AS21980 (Dayco Telecom) via upstreams including AS6762 (Sparkle) and AS52320 (V.tal/GlobeNet). The pattern — with eleven similar events since December, heavy AS prepending, and an upstream provider relationship — suggests misconfigured export/import policies rather than deliberate interception. ROV would not have prevented this path-based leak; adoption of ASPA, RFC9234/OTC, and Peerlock-style checks is recommended to mitigate future leaks.
read more →

How Cloudflare Workers Power Our Maintenance Scheduler

🧠 Cloudflare built a centralized maintenance scheduler on Workers to automatically enforce safety constraints across 330+ data centers, replacing error-prone manual coordination. The scheduler models infrastructure and product relationships as a typed graph, so Workers fetch only the relationships relevant to a maintenance request and avoid memory bloat. A layered fetch pipeline with request deduplication, an LRU in-memory cache, CDN caching and backoff retries reduced response payloads ~100x and drives ~99% cache hits for real-time checks.
read more →

Code Orange: Cloudflare’s Fail Small Resilience Plan

⚠️ Cloudflare has opened a company‑wide "Code Orange: Fail Small" initiative after two network incidents in November and December 2025 that disrupted customer traffic. The program prioritizes three workstreams: require controlled rollouts for configuration changes, review and harden failure modes across services, and overhaul break‑glass procedures to remove circular dependencies. Changes will be delivered iteratively, using existing Health Mediated Deployments (HMD) and updates to Quicksilver to stage and validate configuration updates before global propagation.
read more →

Cloudflare H1 2025 Transparency Report: Streaming and Blocking

🔍 Cloudflare’s H1 2025 transparency update explains how the company is evolving its approach to unauthorized streaming and related copyright claims, combining technical controls, automation, and partnerships with rightsholders. The post highlights a service-specific abuse model that treats hosted content differently from sites using Cloudflare’s CDN and security layers, and describes expanded use of APIs and automated detection. Cloudflare also reiterates its refusal to implement public DNS blocking while describing limited geoblocking in jurisdictions where orders meet human rights and proportionality tests.
read more →

R2 SQL Adds GROUP BY, SUM and Distributed Aggregations

📊 Cloudflare announces support for aggregations in R2 SQL, enabling GROUP BY, SUM, COUNT, HAVING and ORDER BY over data stored in R2 Data Catalog. The release introduces two distributed strategies — scatter-gather for pre-aggregates and shuffling with deterministic hash partitioning for global grouping and sorting. Developers can now run large-scale analytical queries and top-K reports on Parquet data without moving it or managing separate OLAP infrastructure.
read more →

Radar 2025 Year in Review: Top Internet Services and Trends

📊 Cloudflare’s Radar report summarizes the Top Internet Services of 2025 using anonymized DNS queries from the 1.1.1.1 resolver and a machine-learning ranking method. It highlights continued dominance by Google and Facebook, strong gains by generative AI like ChatGPT and emerging rivals, and regional shifts such as Kwai rising in emerging markets. The analysis spans nine categories and includes country-level Top 10s for local context. E-commerce momentum saw Shopee and Temu join Amazon in the global top three, while crypto, news, and streaming showed event-driven volatility.
read more →

React2Shell and RSC Vulnerabilities: Rapid Exploitation

🚨 Cloudflare's Cloudforce One team observed rapid scanning and exploitation attempts immediately after the public disclosure of React2Shell (CVE-2025-55182) on 2025-12-03. Attackers quickly integrated the unauthenticated RCE into automated reconnaissance using public asset discovery, Nuclei templates, and custom scanners to find exposed React Server Components. Cloudflare deployed Free and Paid WAF rules (default Block) and Worker-level protections while urging immediate patching. Telemetry showed millions of hits, diverse User-Agent fingerprints, and broad payload experimentation.
read more →

Shifting Left at Enterprise Scale for Cloudflare Governance

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.
read more →

Cloudflare Advances Python Workers with Faster Starts

🚀 Cloudflare has significantly upgraded Python Workers to support any package compatible with Pyodide, delivering a more complete Python-native developer experience. Rather than shipping a limited set of built-ins, developers can install pure-Python and many dynamic-library packages using the integrated uv tooling and pywrangler. Cloudflare also uses dedicated memory snapshots and its isolate-based architecture to achieve markedly faster cold starts than competing serverless options while keeping easy, global deployment and free-tier options.
read more →

Cloudflare Outage Caused by Emergency React2Shell Patch

🔧 Cloudflare says an emergency patch to mitigate the critical React2Shell vulnerability (CVE-2025-55182) introduced a change to its Web Application Firewall request parsing that briefly rendered the network unavailable and caused global "500 Internal Server Error" responses. The update targeted active remote code execution attempts against React Server Components and dependent frameworks. Cloudflare emphasized the incident was not an attack and that the change was deployed to protect customers while the industry addresses the flaw.
read more →

Cloudflare outage after WAF update to block React exploit

🛡️ Cloudflare briefly disrupted service after a Web Application Firewall update intended to mitigate a vulnerability in React Server Components (CVE-2025-55182) caused its request parser to fail. The incident began at 09:09 UTC and a corrective change was deployed within ten minutes, but monitoring sites and customers reported widespread errors during the outage. Downdetector logged spikes for enterprise and consumer services including Shopify, Zoom, Claude AI, and AWS. Cloudflare said the change was a protective measure for unpatched customers and confirmed the disruption was not an attack.
read more →

Cloudflare outage causes websites to return 500 errors

🚨 Cloudflare is experiencing an outage that is causing many websites to return an 500 Internal Server Error. The fault appears to be server-side and affects requests routed through Cloudflare, so users see an error page instead of normal content. Engineers at the provider are investigating the root cause and working to restore normal operations. This remains a developing situation and impacted sites may be unavailable until services are recovered.
read more →

Suspicious CDN-Header Traffic May Signal Evasion Tests

🔍 SANS honeypots detected increased HTTP requests containing CDN-related headers that may indicate probing to evade CDN protections. Researchers observed headers referencing Cloudflare (Cf-Warp-Tag-Id), Fastly (X-Fastly-Request-Id), Akamai (X-Akamai-Transformed) and an anomalous X-T0Ken-Inf0. Experts warn this could be reconnaissance to bypass CDNs and reach origin servers and urge origin hardening such as IP allowlists, validated tokens, or private connectivity.
read more →

Cloudflare outage on Dec 5, 2025 caused by WAF change

⚠️ On December 5, 2025 a configuration change to Cloudflare’s Web Application Firewall (WAF) triggered an error in a subset of proxies, causing HTTP 500 responses for affected customers. The change — increasing WAF request-body buffering to mitigate CVE-2025-55182 — was rolled out gradually, but a separate global configuration update disabled an internal tool and propagated immediately. That global change caused a Lua runtime nil lookup in the older FL1 proxy when a killswitch skipped an execute action in a ruleset; the change was reverted within 25 minutes and the incident was not caused by malicious activity.
read more →

Cloudflare Mitigates Record 29.7 Tbps DDoS by AISURU

🚨 Cloudflare reported it detected and mitigated a record 29.7 Tbps distributed denial-of-service attack attributed to the AISURU botnet. The UDP "carpet-bombing" assault, which randomized packet attributes and targeted an average of 15,000 destination ports per second, lasted 69 seconds. Cloudflare also mitigated a 14.1 Bpps event and said AISURU may comprise 1–4 million infected hosts, while blocking thousands of related hyper-volumetric attacks and noting significant quarterly increases in DDoS activity.
read more →

Aisuru botnet behind record 29.7 Tbps DDoS attack impact

⚠️ In three months the Aisuru botnet has been linked to more than 1,300 DDoS attacks, including a record peak of 29.7 Tbps in Q3 2025 that Cloudflare mitigated. The botnet, offered as a rental service, leverages an estimated 1–4 million compromised routers and IoT devices exploited via known vulnerabilities and weak credentials. The record incident lasted 69 seconds and used UDP carpet‑bombing across roughly 15,000 destination ports per second; Cloudflare reports a sharp rise in hyper‑volumetric attacks that can disrupt ISPs and critical services.
read more →