Subscribe to receive notifications of new posts:
2025年12月03日
Cloudflare offers protection against a new high profile vulnerability for React Server Components: CVE-2025-55182. All WAF customers are automatically protected as long as the WAF is deployed....
Continue reading »2025年07月22日
Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers....
2025年05月22日
Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks....
2025年05月16日
In line with CISA’s Secure By Design pledge, Cloudflare shares its vulnerability disclosure process, CVE issuance criteria, and CNA duties. ...
2024年05月30日
In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine...
October 04, 2023 4:03 PM
On 2023年10月04日 at 13:00 UTC, Atlassian released details of the zero-day vulnerability described as "Privilege Escalation Vulnerability in Confluence Data Center and Server" (CVE-2023-22515), a zero-day vulnerability impacting Confluence Server and Data Center products...
April 25, 2023 1:07 PM
Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...
January 31, 2023 2:00 PM
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands....
June 03, 2022 5:30 AM
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability....
March 31, 2022 3:13 PM
Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...
March 29, 2022 3:51 PM
CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched...
January 12, 2020 6:11 PM
Cloudflare Access can help teams build a defense-in-depth mitigation to the Citrix NetScaler CVE for HTTP and SSH requests....