2025-11-24
The WAF provides ways for our customers to gain insight into why it takes certain actions. The more granular and precise the insight, the more reproducible and understandable it is. Revamped payload logging is one such method. ...
Continue reading »
2025-10-29
IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result. ...
2025-07-22
Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers....
2025-03-20
Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report....
March 20, 2025 1:10 PM
Cloudflare’s first AI agent, Cloudy, helps make complicated configurations easy to understand for Cloudflare administrators....
March 20, 2025 1:00 PM
We’re introducing a new Application Security experience in the Cloudflare dashboard, with a reworked UI organized by use cases, making it easier for customers to navigate and secure their accounts....
February 07, 2025 8:13 PM
Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different...
August 12, 2024 2:00 PM
Explore how Cloudflare's JA4 fingerprinting and inter-request signals provide robust and scalable insights for advanced web security and threat detection. ...
July 25, 2024 1:00 PM
In this post, we discuss performance optimizations we've implemented for our WAF ML product. We'll guide you through code examples, benchmarks, and we'll share the impressive latency reduction numbers...
July 11, 2024 5:00 PM
Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks...
March 07, 2024 2:00 PM
Announcing the General Availability of WAF Content Scanning, protecting your web applications and APIs from malware by scanning files in-transit...
March 04, 2024 2:02 PM
Cloudflare is one of the first providers to safeguard LLM models and users in the era of AI...
March 04, 2024 2:00 PM
Introducing AI Assistant for Security Analytics. Now it is easier than ever to get powerful insights about your web security. Use the new integrated natural language query interface to explore Security Analytics...
January 23, 2024 2:00 PM
The issuance of Emergency Rules by Cloudflare on January 17, 2024, helped give customers a big advantage in dealing with these threats...
November 15, 2023 2:00 PM
Today we are expanding Custom Lists by enabling you to create lists of hostnames and ASNs...
October 04, 2023 4:03 PM
On 2023-10-04 at 13:00 UTC, Atlassian released details of the zero-day vulnerability described as “Privilege Escalation Vulnerability in Confluence Data Center and Server” (CVE-2023-22515), a zero-day vulnerability impacting Confluence Server and Data Center products...
September 29, 2023 1:00 PM
In this blog post we talk about our approach and ongoing research into detecting novel web attack vectors in our WAF before they are seen by a security researcher....
September 19, 2023 1:00 PM
Cloudflare Analytics can now suggest rate limiting threshold based on historic traffic patterns. Rate Limiting also supports a throttle behavior...
August 21, 2023 2:15 PM
We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...
