Cloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF). Cloudflare Workers are inherently immune to this exploit. React-based applications and […]
Archive | Security
RSS feed for this sectionCloudflare's 2025 Q3 DDoS threat report — including Aisuru, the apex of botnets
Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. The third quarter of 2025 was overshadowed by […]
Vulnerability & Patch Roundup — November 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Get better visibility for the WAF with payload logging
As the surface area for attacks on the web increases, Cloudflare’s Web Application Firewall (WAF) provides a myriad of solutions to mitigate these attacks. This is great for our customers, but the cardinality in the workloads of the millions of requests we service means that generating false positives is inevitable. This means that the default […]
A Beginner’s Guide to the CVE Database
Keeping websites and applications secure starts with knowing which vulnerabilities exist, how severe they are, and whether they affect your stack. That’s exactly where the CVE program shines. Below, we’ll cover some CVE fundamentals, including what they are, how to search and understand the data, and how to translate this information into actionable steps. Introduction […]
Cloudflare outage on November 18, 2025
On 18 November 2025 at 11:20 UTC (all times in this blog are UTC), Cloudflare’s network began experiencing significant failures to deliver core network traffic. This showed up to Internet users trying to access our customers’ sites as an error page indicating a failure within Cloudflare’s network. The issue was not caused, directly or indirectly, […]
How to Fix the ERR_TOO_MANY_REDIRECTS Error
Encountering the ERR_TOO_MANY_REDIRECTS error (also called a redirect loop error) can be frustrating, especially when your website was working fine just moments ago. This issue is common across browsers such as Chrome, Firefox, and Edge and it typically means your site has entered a redirection loop. In this post, you’ll learn what the error means, […]
How to Choose WordPress Caching Options
If you want a faster WordPress site, caching belongs at the center of your performance plan. It reduces the work your server has to do and turns slow, dynamic page builds into quick, static responses. On many unoptimized sites, that shift alone can reduce several seconds off page loads when paired with other best practices. […]
Slot Gacor: The Rise of Online Casino Spam
Online casino spam has been without a doubt one of the most prevalent types of spam content that we’ve seen on infected websites in recent years. An extremely common method of promoting low-quality or otherwise undesirable websites is for spammers to hack websites and fill them full of backlinks to pump their SEO. Historically this […]
DIY BYOIP: a new way to Bring Your Own IP prefixes to Cloudflare
When a customer wants to bring IP address space to Cloudflare, they’ve always had to reach out to their account team to put in a request. This request would then be sent to various Cloudflare engineering teams such as addressing and network engineering — and then the team responsible for the particular service they wanted […]
