 | Enforcing the First AS in BGP AS_PATHs | 2026-06-03 | True | Bryton Herdes | True | | |
| Project Glasswing: what Mythos showed us | 2026-05-18 | True | Grant Bourzikas | True | | |
| How Cloudflare responded to the “Copy Fail” Linux vulnerability | 2026-05-07 | True | Chris J Arges | True | | |
| When DNSSEC goes wrong: how we responded to the .de TLD outage | 2026-05-06 | True | Sebastiaan Neuteboom | True | | |
| From bytecode to bytes: automated magic packet generation | 2026-04-08 | True | Axel Boesenach | True | | |
| Cloudflare Client-Side Security: smarter detection, now open to everyone | 2026-03-30 | True | Zhiyuan Zheng | True | | |
| Fixing request smuggling vulnerabilities in Pingora OSS deployments | 2026-03-09 | True | Edward Wang | True | | |
| Defeating the deepfake: stopping laptop farms and insider threats | 2026-03-04 | True | Ann Ming Samborski | True | | |
| Introducing the 2026 Cloudflare Threat Report | 2026-03-03 | True | Cloudforce One | True | | |
| Toxic combinations: when small signals add up to a security incident | 2026-02-27 | True | Bashyam Anant | True | | |
| 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults | 2026-02-05 | True | Omer Yoachimik | True | | |
| How we mitigated a vulnerability in Cloudflare’s ACME validation logic | 2026-01-19 | True | Hrushikesh Deshpande | True | | |
| React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques | 2025-12-11 | True | Cloudforce One | True | | |
| Cloudflare WAF proactively protects against React vulnerability | 2025-12-03 | True | Daniele Molteni | True | | |
| Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | 2025-12-03 | True | Omer Yoachimik | True | | |
| How a volunteer-run wildfire site in Portugal stayed online during DDoS attacks | 2025-08-21 | True | João Tomé | True | | |
| MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations | 2025-08-14 | True | Alex Forster | True | | |
| Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack | 2025-06-19 | True | Omer Yoachimik | True | | |
| Resolving a request smuggling vulnerability in Pingora | 2025-05-22 | True | Edward Wang | True | | |
| Vulnerability transparency: strengthening security through responsible disclosure | 2025-05-16 | True | Sri Pulla | True | | |
| QUIC action: patching a broadcast address amplification vulnerability | 2025-02-10 | True | Josephine Chow | True | | |
| Resolving a Mutual TLS session resumption vulnerability | 2025-02-07 | True | Matt Bullock | True | | |
| Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4 | 2025-01-21 | True | Omer Yoachimik | True | | |
| Global elections in 2024: Internet traffic and cyber threat trends | 2024-12-23 | True | João Tomé | True | | |
| Exploring Internet traffic shifts and cyber attacks during the 2024 US election | 2024-11-06 | True | João Tomé | True | | |
| How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack | 2024-10-02 | True | Manish Arora | True | | |
| Application Security report: 2024 update | 2024-07-11 | True | Michael Tremante | True | | |
| RADIUS/UDP vulnerable to improved MD5 collision attack | 2024-07-09 | True | Sharon Goldberg | True | | |
| First round of French election: party attacks and a modest traffic dip | 2024-07-03 | True | João Tomé | True | | |
| Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet | 2024-06-26 | True | Matthew Prince | True | | |
| Internet insights on 2024 elections in the Netherlands, South Africa, Iceland, India, and Mexico | 2024-06-07 | True | João Tomé | True | | |
| DDoS threat report for 2024 Q1 | 2024-04-16 | True | Omer Yoachimik | True | | |
| Mitigating a token-length side-channel attack in our AI products | 2024-03-14 | True | Celso Martinho | True | | |
| Eliminate VPN vulnerabilities with Cloudflare One | 2024-03-06 | True | Dan Hall | True | | |
