October 05, 2023 3:00 PM
Google announced a security issue in Chrome titled "Heap buffer overflow in WebP in Google Chrome." At first it seemed like just another bug, but has implications that extended well beyond Chrome....
August 04, 2023 6:29 PM
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
July 25, 2023 12:47 AM
The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data processed in the CPU, ...
July 10, 2023 1:00 PM
Customers using Cloudflare Images or Image Resizing products are protected against the aCropalypse vulnerability. ...
April 25, 2023 1:07 PM
Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...
November 02, 2022 9:31 AM
Information on CVE-2022-3602 and CVE-2022-3786, and why Cloudflare was not impacted...
June 05, 2022 8:54 PM
UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products....
June 03, 2022 5:30 AM
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability....
May 26, 2022 1:17 PM
Cloudflare’s approach to handling firmware vulnerabilities and how we keep our internal data protected...
May 06, 2022 1:00 PM
The Cloudflare Bug Bounty has resulted in numerous security improvements to Cloudflare Pages...
March 31, 2022 3:13 PM
Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...
March 29, 2022 3:51 PM
CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched...
March 08, 2022 3:22 PM
A zero-day vulnerability in the Mitel MiCollab business phone system has recently been discovered (CVE-2022-26143). This vulnerability, called TP240PhoneHome, which Cloudflare customers are already protected against, can be used to launch UDP amplification attacks...
March 08, 2022 2:59 PM
A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks...
February 01, 2022 5:28 PM
Today we are launching Cloudflare’s paid public bug bounty program. We believe bug bounties are a vital part of every security team’s toolbox....
December 15, 2021 1:56 PM
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible. Latest version is available on the Log4J download page....
December 14, 2021 5:48 PM
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
December 14, 2021 10:23 AM
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
December 10, 2021 11:39 PM
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
