Online casino spam has been without a doubt one of the most prevalent types of spam content that we’ve seen on infected websites in recent years. An extremely common method of promoting low-quality or otherwise undesirable websites is for spammers to hack websites and fill them full of backlinks to pump their SEO. Historically this […]
Fresh insights from old data: corroborating reports of Turkmenistan IP unblocking and firewall testing
Here at Cloudflare, we frequently use and write about data in the present. But sometimes understanding the present begins with digging into the past. We recently learned of a 2024 turkmen.news article (available in Russian) that reports Turkmenistan experienced “an unprecedented easing in blocking,” causing over 3 billion previously-blocked IP addresses to become reachable. The […]
Vulnerability & Patch Roundup — October 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
BGP zombies and excessive path hunting
Here at Cloudflare, we’ve been celebrating Halloween with some zombie hunting of our own. The zombies we’d like to remove are those that disrupt the core framework responsible for how the Internet routes traffic: BGP (Border Gateway Protocol). A BGP zombie is a silly name for a route that has become stuck in the Internet’s […]
Denial-of-Service (DoS) Attacks: What They Are, How They Work, and How to Defend Your Site
If your website suddenly crawls to a halt, pages time out, or customers report they can’t log in, you might be staring down a Denial-of-Service (DoS) attack. These incidents don’t require exotic zero-days or deep levels of access. More often, they’re brutally simple: overwhelm the target with traffic or requests until legitimate users can’t get […]
Beyond IP lists: a registry format for bots and agents
As bots and agents start cryptographically signing their requests, there is a growing need for website operators to learn public keys as they are setting up their service. I might be able to find the public key material for well-known fetchers and crawlers, but what about the next 1,000 or next 1,000,000? And how do […]
Anonymous credentials: rate-limiting bots and agents without compromising privacy
The way we interact with the Internet is changing. Not long ago, ordering a pizza meant visiting a website, clicking through menus, and entering your payment details. Soon, you might just ask your phone to order a pizza that matches your preferences. A program on your device or on a remote server, which we call […]
Policy, privacy and post-quantum: anonymous credentials for everyone
The Internet is in the midst of one of the most complex transitions in its history: the migration to post-quantum (PQ) cryptography. Making a system safe against quantum attackers isn’t just a matter of replacing elliptic curves and RSA with PQ alternatives, such as ML-KEM and ML-DSA. These algorithms have higher costs than their classical […]
Defending QUIC from acknowledgement-based DDoS attacks
On April 10th, 2025 12:10 UTC, a security researcher notified Cloudflare of two vulnerabilities (CVE-2025-4820 and CVE-2025-4821) related to QUIC packet acknowledgement (ACK) handling, through our Public Bug Bounty program. These were DDoS vulnerabilities in the quiche library, and Cloudflare services that use it. quiche is Cloudflare’s open-source implementation of QUIC protocol, which is the […]
Measuring characteristics of TCP connections at Internet scale
Every interaction on the Internet—including loading a web page, streaming a video, or making an API call—starts with a connection. These fundamental logical connections consist of a stream of packets flowing back and forth between devices. Various aspects of these network connections have captured the attention of researchers and practitioners for as long as the […]
