Archive | Security

RSS feed for this section

Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4

Welcome to the 20th edition of the Cloudflare DDoS Threat Report, marking five years since our first report in 2020. Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth […]

The fall and rise of TikTok (traffic)

The United States ban on TikTok went into effect on January 19, 2025, and although service began to be restored after just 14 hours, it was only close to the inauguration of Donald Trump as the 47th President of the United States that associated DNS traffic started to recover to closer to previous levels. In […]

TikTok ban takes hold: data reveals sharp traffic decline and rapid shift to alternatives

The United States ban on TikTok went into effect on January 19, 2025, and our data showed a clear impact starting after 03:30 UTC (10:30 PM ET on January 18, 2025). The ban was part of the “Protecting Americans from Foreign Adversary Controlled Applications Act,” proposed in Congress, which ordered ByteDance to divest due to […]

Backdoors: The Hidden Threat Lurking in Your Website

Website backdoors are a silent yet deadly threat to website security. These stealthy mechanisms bypass standard authentication, providing attackers with persistent, unauthorized access to a website’s backend. Often overlooked, backdoors allow cybercriminals to maintain access long after an initial breach. Understanding the risks they pose and how to mitigate them is essential for website owners […]

Japanese Spam on a Cleaned WordPress Site: The Hidden Sitemap Problem

While investigating a compromised WordPress site, we discovered a malware infection causing Japanese spam links to appear in Google search results. Although the site had been cleaned, Google was still crawling and indexing spammy URLs, which impacted the site’s SEO and credibility. Japanese SEO Spam: A Common Threat Japanese SEO spam is a recurring issue […]

Demonstrating reduction of vulnerability classes: a key step in CISA’s “Secure by Design” pledge

In today’s rapidly evolving digital landscape, securing software systems has never been more critical. Cyber threats continue to exploit systemic vulnerabilities in widely used technologies, leading to widespread damage and disruption. That said, the United States Cybersecurity and Infrastructure Agency (CISA) helped shape best practices for the technology industry with their Secure-by-Design pledge. Cloudflare signed […]

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware […]

Vulnerability & Patch Roundup — December 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]