Security News

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
2025-03-28 11:29

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based...

Cloudflare R2 service outage caused by password rotation error
2025-03-25 19:47

Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...]

Cloudflare now blocks all unencrypted traffic to its API endpoints
2025-03-22 15:35

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [...]

Cloudflare outage caused by botched blocking of phishing URL
2025-02-07 15:44

An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. [...]

Cloudflare CDN flaw leaks user location data, even through secure chat apps
2025-01-22 21:32

A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), which could expose a person's general location by simply sending them an image on platforms like Signal and...

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
2025-01-21 21:04

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...]

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
2024-12-19 08:40

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the...

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
2024-12-06 07:03

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an...

Cloudflare’s developer domains increasingly abused by threat actors
2024-12-03 21:00

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other...

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours
2024-11-27 16:15

Internet security giant Cloudflare announced that it lost 55% of all logs pushed to customers over a 3.5-hour period due to a bug in the log collection service on November 14, 2024. [...]