2024 ended with a bang. Cloudflare mitigated another record-breaking DDoS attack peaking at 5.6 Tbps. Overall, Cloudflare mitigated 21.3 million DDoS attacks in 2024, representing a 53% increase compared to 2023.

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.

Web performance and security firm Cloudflare recently mitigated another record-breaking DDoS attack.
According to Matthew Prince, the company’s CEO, the attack peaked at 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps). The attack was aimed at an unidentified customer of an unnamed hosting provider that uses Cloudflare services.

On September 3, 2024, the White House published a report on Internet routing security. We’ll talk about what that means and how you can help.
The Internet can feel like magic. When you load a webpage in your browser, many simultaneous requests for data fly back and forth to remote servers. Then, often in less than one second, a website appears. Many people know that DNS is used to look up a hostname, and resolve it to an IP address, but fewer understand how data flows from your home network to the network that controls the IP address of the web server.

Cloudflare's TryCloudflare is being exploited by cybercriminals for malware delivery via phishing emails, reports say.

Tech giant Cloudflare urged customers to remove a popular open source library used to support older browsers after reports emerged this week that the tool is being used to distribute malware.

Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different

2024 started with a bang. Cloudflare’s autonomous systems mitigated over 4.5 million DDoS attacks in the first quarter of the year — a 50% increase compared to the previous year.

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

Cloudflare is investigating an ongoing outage causing 'We're sorry

As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.

On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected

Q2 2023 saw an unprecedented escalation in DDoS attack sophistication. Pro-Russian hacktivists REvil, Killnet and Anonymous Sudan joined forces to attack Western sites. Mitel vulnerability exploits surged by a whopping 532%, and attacks on crypto rocketed up by 600%. Read the full story...

As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.

This was a weekend of record-breaking DDoS DDoS. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.

Unusually resourced threat actor has targeted multiple companies in recent days.

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

When a new security threat arises — a publicly exploited vulnerability (like log4j) or the shift from corporate-controlled environments to remote work or a potential threat actor — it is the Security team’s job to respond to protect Cloudflare’s network, customers, and employees. And as security threats evolve, so should our defense system. Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would?