cloudflare
-
GhostAction: GitHub supply-chain attack exposes 3,325 secrets across hundreds of repositories
Researchers say a GitHub supply-chain campaign named GhostAction stole about 3,325 secrets across PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys, by compromising maintainer accounts to inject malicious GitHub Actions workflows that exfiltrate secrets to an attacker-controlled endpoint.
-
Misissued TLS certificates tied to Cloudflare’s 1.1.1.1 DNS service raise internet-security concerns
Security researchers disclosed mis-issued TLS certificates tied to Cloudflare’s 1.1.1.1 DNS service, a flaw that could enable impersonation and traffic interception. With the issuer and responsible parties not fully disclosed, the episode underscores ongoing vulnerabilities in the certificate authority system and the role of Certificate Transparency in detecting mis-issuances.
-
Cloudflare says it blocked largest recorded DDoS attack at 11.5 Tbps
Cloudflare says it blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps and lasting about 35 seconds, with most traffic traced to Google Cloud as the company notes a broader rise in high-volume DDoS campaigns.
-
Cloudflare Confirms 1.1.1.1 Outage Stemmed from Internal Misconfiguration, Not Attack
Cloudflare confirmed that a recent outage of its 1.1.1.1 Resolver service was caused by an internal misconfiguration, dismissing concerns of a cyberattack or BGP hijack. The incident led to significant disruptions for users globally, with full restoration achieved within hours.
-
Cloudflare Thwarts Historic 7.3 Tbps DDoS Attack Targeting Hosting Provider
Cloudflare has successfully mitigated a record-breaking 7.3 Tbps DDoS attack targeting a hosting provider, marking a significant escalation in cyber threats to internet infrastructure, according to the company’s latest report.
-
New Malware Campaign Exploits Cloudflare Tunnels to Deliver Malicious Payloads
A new malware campaign, codenamed SERPENTINE#CLOUD, is exploiting Cloudflare Tunnel subdomains to distribute malicious payloads via phishing emails. This sophisticated attack targets users across multiple regions and employs advanced techniques to evade detection.
-
Cloudflare Outage Not Linked to Security Incident, Data Remains Safe
Cloudflare has confirmed that a recent service outage was not caused by a security incident. The outage, which lasted 2.5 hours, stemmed from a failure in the underlying storage infrastructure affecting its crucial Workers KV system. The company assures that all user data remains safe and plans to enhance system resilience moving forward.
-
Widespread Service Outages Affect Google Cloud and Cloudflare
Google Cloud and Cloudflare have reported widespread service outages affecting various services and platforms. Both companies are investigating the issues that began on June 12, with users experiencing significant access problems.
-
Global Authorities Disrupt Lumma Stealer Malware Operation
A coordinated effort by global authorities and tech companies has disrupted the Lumma Stealer malware operation, impacting its infrastructure and threatening its reach in the cybercrime market.
-
Surge in DDoS Attacks: Germany Faces Significant Threats in Q1 2025
A recent report from Cloudflare reveals a staggering 358% increase in DDoS attacks in Q1 2025, with Germany being the most targeted country. The report highlights a concerning trend of hyper-volumetric attacks, underscoring the urgent need for enhanced cybersecurity measures.
