Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different
DDoS threat report for 2024 Q1
2024 started with a bang. Cloudflare’s autonomous systems mitigated over 4.5 million DDoS attacks in the first quarter of the year — a 50% increase compared to the previous year.
Thanksgiving 2023 security incident
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Cloudflare is investigating an ongoing outage causing 'We're sorry
Introducing HAR Sanitizer: secure HAR sharing
As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.
How Cloudflare mitigated yet another Okta compromise
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected
DDoS threat report for 2023 Q2
Q2 2023 saw an unprecedented escalation in DDoS attack sophistication. Pro-Russian hacktivists REvil, Killnet and Anonymous Sudan joined forces to attack Western sites. Mitel vulnerability exploits surged by a whopping 532%, and attacks on crypto rocketed up by 600%. Read the full story...
It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused | Trustwave
As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
This was a weekend of record-breaking DDoS DDoS. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
This was a weekend of record-breaking DDoS DDoS. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
The mechanics of a sophisticated phishing scam and how we stopped it
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
The mechanics of a sophisticated phishing scam and how we stopped it
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
The mechanics of a sophisticated phishing scam and how we stopped it
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.
Cloudflare mitigates 26 million request per second DDoS attack
Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.