Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Cloudflare One is the first SASE offering modern post-quantum encryption across the full platform
During Security Week 2025, we launched the industry’s first cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust solution, a major step towards securing enterprise network traffic sent from end user devices to public and private networks. But this is only part of the equation. To truly secure the future of enterprise networking, you need […]
Cloudflare outage on February 20, 2026
On February 20, 2026, at 17:48 UTC, Cloudflare experienced a service outage when a subset of customers who use Cloudflare’s Bring Your Own IP (BYOIP) service saw their routes to the Internet withdrawn via Border Gateway Protocol (BGP). The issue was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind. […]
Shedding old code with ecdysis: graceful restarts for Rust services at Cloudflare
ecdysis | ˈekdəsəs | noun the process of shedding the old skin (in reptiles) or casting off the outer cuticle (in insects and other arthropods). How do you upgrade a network service, handling millions of requests per second around the globe, without disrupting even a single connection? One of our solutions at Cloudflare to this […]
Beyond Login Screens: Why Access Control Matters
As breach costs go up and attackers focus on common web features like dashboards, admin panels, customer portals, and APIs, weak access control quickly leads to lost data, broken trust, and costly incidents. The worst part is that many failures are not rare technical flaws but simple mistakes, such as missing permission checks, roles with […]
Vulnerability & Patch Roundup — January 2026
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
Last month, while working on a WordPress cleanup case, a customer reached out with a strange complaint: their website looked completely normal to them and their visitors, but Google search results were showing something very different. Instead of normal titles and descriptions, Google was displaying casino and gambling-related content. We have been seeing rising cases […]
Google’s AI advantage: why crawler separation is the only path to a fair Internet
Earlier this week, the UK’s Competition and Markets Authority (CMA) opened its consultation on a package of proposed conduct requirements for Google. The consultation invites comments on the proposed requirements before the CMA imposes any final measures. These new rules aim to address the lack of choice and transparency that publishers (broadly defined as “any […]
Building a serverless, post-quantum Matrix homeserver
* This post was updated at 11:45 a.m. Pacific time to clarify that the use case described here is a proof of concept and a personal project. Some sections have been updated for clarity. Matrix is the gold standard for decentralized, end-to-end encrypted communication. It powers government messaging systems, open-source communities, and privacy-focused organizations worldwide. […]
Route leak incident on January 22, 2026
On January 22, 2026, an automated routing policy configuration error caused us to leak some Border Gateway Protocol (BGP) prefixes unintentionally from a router at our data center in Miami, Florida. While the route leak caused some impact to Cloudflare customers, multiple external parties were also affected because their traffic was accidentally funnelled through our […]
