cloudflare
-
Cloudflare Pages/Workers offers a seamless platform for deploying static sites and applications, integrating directly with repositories on GitHub and GitLab. While this service enhances performance and security for legitimate users, it can inadvertently expose hidden pages or workers if not properly configured.As penetration testers, identifying these overlooked assets is crucial for comprehensive security assessments.Reconnaissance Tools…
-
I don’t know what I did in the past, but boy do attackers love to send me phishing messages. This time, the story started with the following emails: The emails share the same theme and message, and were all sent via research.net, which is part of the Surveymonkey service. This approach to making phishing attacks…
-
The Content Credentials integration is available now across Cloudflare’s entire global network. Cloudflare has launched a new feature to help people quickly verify the authenticity of online images. The web security and hosting provider has adopted the Adobe-led Content Credentials system, which applies a digital metadata tag to images and video that tracks who owns…
-
A vulnerability classified as problematic was found in Bryan Shanaver CloudFlare Cache Purge Plugin up to 1.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-22332. The attack can be launched remotely. There is no exploit available.
-
Im Januar 2025 berichtete der 15-jährige Sicherheitsforscher hackermondev/Daniel über eine von ihm entdeckte und getestete mögliche 0-Klick-Attacke auf Cloudflare und damit verbunden auch auf Dienste wie Discord, Signal und mehr. Der Fehler in Cloudflares Content Delivery Network (CDN) erlaubt es Angreifern, den Standort einer Person auf einen 250-Meilen-Radius (ca. 400km) einzugrenzen. Hierfür musste lediglich eine…
-
With Cloudflare conducting media resource caching at the data center closest in proximity to its users, security researcher Daniel discovered that an information-disclosure intrusion could be conducted through the delivery of a unique image hosted on Cloudflare’s CDN to a vulnerable app, which would use the Cloudflare Teleport tool to route the requests to certain…
-
With Cloudflare conducting media resource caching at the data center closest in proximity to its users, security researcher Daniel discovered that an information-disclosure intrusion could be conducted through the delivery of a unique image hosted on Cloudflare’s CDN to a vulnerable app, which would use the Cloudflare Teleport tool to route the requests to certain…
-
At Cloudflare, we are constantly innovating and launching new features and capabilities across our product portfolio. Today’s roundup blog post shares two exciting updates across our platform: our cross-platform 1.1.1.1 & WARP applications (consumer) and device agents (Zero Trust) now use MASQUE, a cutting-edge HTTP/3-based protocol, to secure your Internet connection. Additionally, DEX is now…
-
I want to use a VPN purely to hide my physical location from normal people (idc if companies know), is Cloudflare WARP good for this purpose? And is there a way to manually pick a server from WARP? submitted by /u/TechBasedQuestion [link] [comments]
-
Cloudflare’s 2024 internet traffic report highlights a 17.2% global increase in traffic, with Google maintaining its position as the most visited service and the U.S. responsible for 34.6% of bot traffic. The Register reports: One surprise (or perhaps not) is that IPv6 traffic is actually down as a percentage of the packets that passed through…
-
Cloudflare Radar celebrated its fourth birthday in September 2024. As we’ve expanded Radar’s scope over the last four years, the value that it provides as a resource for the global Internet has grown over time, and with Radar data and graphs often appearing in publications and social media around the world, we knew that we…
-
BlueAlpha, a Russian hacking group, is using Cloudflare Tunnels, a service that masks the origin of internet traffic, to hide its attacks on Ukrainian organizations. This makes it difficult to trace the source of the attack and allows malware to spread undetected.
-
A recently discovered security vulnerability dubbed “BreakingWAF” in the configuration of web application firewall (WAF) services has left numerous Fortune 1000 companies vulnerable to cyberattacks, according to Zafran, a leading cybersecurity research team.
-
The Insikt Group has uncovered a sophisticated cyber-espionage operation conducted by BlueAlpha, a state-sponsored threat actor with links to the Russian Federal Security Service (FSB). The campaign targets Ukrainian entities using a combination of HTML smuggling and Cloudflare’s tunneling service to stage and deploy GammaDrop malware.
-
BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware.
-
In a new campaign, a Russia-backed advanced persistent threat (APT) group is seen abusing Cloudflare tunnels to deliver its proprietary GammaLoad malware.
-
The state-sponsored cyber threat group BlueAlpha has been active since at least 2014 and has recently upgraded its malware delivery system to leverage Cloudflare Tunnels to stage GammaDrop malware.
-
Dec 06, 2024The Hacker NewsMalware / Threat Intelligence
-
NEWS BRIEF BlueAlpha, a Russian state-sponsored advanced persistent threat (APT) group, has recently evolved its malware delivery chain to abuse Cloudflare Tunnels — with the goal of ultimately infecting victims with its proprietary GammaDrop malware.
-
A Russian state-sponsored hacker group, known as Gamaredon, has been targeting Ukrainian-speaking victims in an ongoing cyber-espionage campaign, researchers have found.