Tag Archives: security

Vulnerability disclosure on SSL for SaaS v1 (Managed CNAME)

Earlier this year, a group of external researchers identified and reported a vulnerability in Cloudflare’s SSL for SaaS v1 (Managed CNAME) product offering through Cloudflare’s bug bounty program. We officially deprecated SSL for SaaS v1 in 2021; however, some customers received extensions for extenuating circumstances that prevented them from migrating to SSL for SaaS v2 […]

Celebrate Micro-Small, and Medium-sized Enterprises Day with Cloudflare

On June 27, the United Nations celebrates Micro-, Small, and Medium-sized Enterprises Day (MSME) to recognize the critical role these businesses play in the global economy and economic development. According to the World Bank and the UN, small and medium-sized businesses make up about 90 percent of all businesses, between 50-70 percent of global employment, […]

Everything you need to know about NIST’s new guidance in “SP 1800-35: Implementing a Zero Trust Architecture”

For decades, the United States National Institute of Standards and Technology (NIST) has been guiding industry efforts through the many publications in its Computer Security Resource Center. NIST has played an especially important role in the adoption of Zero Trust architecture, through its series of publications that began with NIST SP 800-207: Zero Trust Architecture, […]

Cloudflare Log Explorer is now GA, providing native observability and forensics

We are thrilled to announce the General Availability of Cloudflare Log Explorer, a powerful new product designed to bring observability and forensics capabilities directly into your Cloudflare dashboard. Built on the foundation of Cloudflare’s vast global network, Log Explorer leverages the unique position of our platform to provide a comprehensive and contextualized view of your […]

Celebrating 11 years of Project Galileo’s global impact

June 2025 marks the 11th anniversary of Project Galileo, Cloudflare’s initiative to provide free cybersecurity protection to vulnerable organizations working in the public interest around the world. From independent media and human rights groups to community activists, Project Galileo supports those often targeted for their essential work in human rights, civil society, and democracy building. […]

Understanding SSRF: Abusing Server Trust from the Inside Out

In our daily interactions online, trust is a fundamental currency. We trust servers to handle our data, process our requests, and reliably deliver content. But what happens when that trust is abused and turned against the server itself? What if an attacker could trick your server into becoming an unwitting accomplice, abusing its privileged position […]

Resolving a request smuggling vulnerability in Pingora

On April 11, 2025 09:20 UTC, Cloudflare was notified via its Bug Bounty Program of a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework discovered by a security researcher experimenting to find exploits using Cloudflare’s Content Delivery Network (CDN) free tier which serves some cached assets via Pingora. Customers using the free tier of […]

Vulnerability transparency: strengthening security through responsible disclosure

In an era where digital threats evolve faster than ever, cybersecurity isn’t just a back-office concern — it’s a critical business priority. At Cloudflare, we understand the responsibility that comes with operating in a connected world. As part of our ongoing commitment to security and transparency, Cloudflare is proud to have joined the United States […]

MTR For Website Troubleshooting

Let’s set the scene: You go to visit a website and you get a “connection timed out” error. Is this a browser, internet, firewall, or hosting server issue? How do I know who to contact to get the issue resolved? Should I use ping, traceroute, or an MTR to get to the bottom of the […]