Archive | Security

RSS feed for this section

The role of email security in reducing user risk amid rising threats

Phishing remains one of the most dangerous and persistent cyber threats for individuals and organizations. Modern attacks use a growing arsenal of deceptive techniques that bypass traditional secure email gateways (SEGs) and email authentication measures, targeting organizations, employees, and vendors. From business email compromise (BEC) to QR phishing and account takeovers, these threats are designed […]

From ChatGPT to Temu: ranking top Internet services in 2024

Since the late 1990s, millions have relied on the Internet for searching, communicating, shopping, and working, though 2.6 billion people (about 31% of the global population) still lack Internet access. Over the years, use of the Internet has evolved from email and static sites to social media, streaming, e-commerce, cloud tools, and more recently AI […]

Cloudflare 2024 Year in Review

The 2024 Cloudflare Radar Year in Review is our fifth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level across a variety of metrics. In this year’s review, we have added several new traffic, adoption, connectivity, and email security metrics, as well as the ability to […]

Malicious Script Injection on WordPress Sites

Recently, our team discovered a JavaScript-based malware affecting WordPress sites, primarily targeting those using the Hello Elementor theme. This type of malware is commonly embedded within legitimate-looking website files to load scripts from an external source. The malware injects a malicious external script into the theme’s header.php file, leading to harmful consequences for site owners […]

Credit Card Skimmer Malware Targeting Magento Checkout Pages

Magento websites are a frequent target for cybercriminals due to their widespread usage in eCommerce and the valuable customer data they handle. During a routine investigation, we discovered a malicious JavaScript injection targeting Magento websites. This malware dynamically creates a fake credit card form or extracts payment fields directly depending on the variant of the […]

Bigger and badder: how DDoS attack sizes have evolved over the last decade

Distributed Denial of Service (DDoS) attacks are cyberattacks that aim to overwhelm and disrupt online services, making them inaccessible to users. By leveraging a network of distributed devices, DDoS attacks flood the target system with excessive requests, consuming its bandwidth or exhausting compute resources to the point of failure. These attacks can be highly effective […]

Simple Include Statement Hides Casino Spam

Just as there are countless types of websites on the internet, there are just as many attackers seeking to exploit them. These attackers develop malicious code that continuously evolves, constantly finding new ways to harm their next target. Sometimes, threat actors rely on heavy obfuscation to conceal their malicious code, while others use stealthier methods […]

What’s new in Cloudflare: Account Owned Tokens and Zaraz Automated Actions

In October 2024, we started publishing roundup blog posts to share the latest features and updates from our teams. Today, we are announcing general availability for Account Owned Tokens, which allow organizations to improve access control for their Cloudflare services. Additionally, we are launching Zaraz Automated Actions, which is a new feature designed to streamline […]

PHP Reinfector and Backdoor Malware Target WordPress Sites

We recently observed a surge in WordPress websites being infected by a sophisticated PHP reinfector and backdoor malware. While we initially believed that the infection was linked to the wpcode plugin, we found that several sites without this plugin were compromised as well. Upon deeper investigation, we discovered that this malware not only reinfects website […]