Home / Companies / Cloudflare / Blog / February 2025

February 2025 Summaries

14 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare's 2024 Transparency Reports are now live, featuring new topics, data points, and a revamped format. The reports provide information on how Cloudflare handles legal requests and abuse reports for websites using its services, aligning with the European Union's Digital Service Act (DSA). The DSA sets transparency reporting obligations for different services, including baseline requirements for intermediary services like Cloudflare's security and performance services. The 2024 reports include more detailed data on hosted content abuse, automated steps to mitigate phishing and technical abuse, and information on additional types of requests for customer information. The reports are divided into two parts, addressing legal requests for information and abuse processes, with warrant canary statements available separately. Cloudflare will continue to publish transparency reports twice a year, evolving its approach to provide meaningful transparency in line with company principles and regulatory requirements.
Feb 28, 2025 865 words in the original blog post.
Cloudflare's 1.1.1.1 resolver has grown significantly since its launch in April Fool's Day 2018, handling an average of 1.9 trillion queries per day from around 250 locations worldwide. The new DNS page on Cloudflare Radar provides insights into Internet activity beyond simple web traffic trends, including aggregate traffic and usage trends seen across 1.1.1.1 resolver traffic. The page analyzes global, location, and autonomous system (ASN) traffic trends, as well as protocol usage, query and response characteristics, and DNSSEC usage. It also explores the adoption of transport protocols such as UDP, DoT, and DoH, and provides a breakdown of DNS record types, response codes, and cache hit ratios. The page highlights the importance of DNS security extensions like DNSSEC and the need for further adoption of encryption and DNSSEC to protect against tampering. Overall, the new DNS page aims to provide visibility into what's going on behind the scenes of DNS operations at a global, national, and network level.
Feb 27, 2025 2,545 words in the original blog post.
The introduction of Guardrails in AI Gateway aims to address the challenges of deploying AI safely and confidently. Developers face difficulties balancing rapid innovation with regulatory requirements, and the lack of visibility into unsafe or inappropriate content can be a significant issue. To mitigate these risks, AI Gateway has introduced safety guardrails that provide comprehensive observability and granular control over content moderation. These guardrails ensure a consistent and safe experience, regardless of the model or provider used, by intercepting and inspecting user prompts and model responses for potentially harmful content. The solution is powered by Llama Guard, Meta's open-source content moderation and safety tool, which detects harmful or unsafe content in both user inputs and AI-generated outputs. With Guardrails, developers can focus on innovation while knowing that risks are proactively mitigated, and their AI applications operate responsibly.
Feb 26, 2025 1,621 words in the original blog post.
We're excited to share a few announcements on how we're making it even easier to build AI agents on Cloudflare, including the introduction of a new JavaScript framework called `agents-sdk`. This framework allows you to build AI agents that can autonomously execute tasks by making decisions about tool usage and process flow. With `agents-sdk`, you can now add agent powers to any existing Workers project with just one command, or bootstrap your project with the `agents-starter` template. The framework provides a range of features, including state management APIs, integration with React applications via a `useAgent` hook, and support for human-in-the-loop use-cases. We believe that Cloudflare is the ideal platform for building agents and AI applications due to its serverless infrastructure, globally distributed fleet of GPUs, and durable execution capabilities. With `agents-sdk`, you can build agents that can run on top of Durable Objects, which provide a robust programming model for handling complex operations like long-running deep thinking LLM calls. We're constantly working to make it better, and we invite you to join our Discord community to share your ideas and get feedback from our team.
Feb 25, 2025 2,646 words in the original blog post.
Cloudflare has partnered with the CyberPeace Institute to help civil society organizations protect themselves against cyber attacks. The partnership aims to strengthen defenses against phishing and other cyber threats, particularly for vulnerable communities that often lack resources to protect themselves. Through their collaboration, Cloudflare is providing free cybersecurity services, including its Email Security product, to support these organizations. A new resource called the CyberPeace Tracer has been developed to gather and analyze data on cyber attacks and disinformation campaigns targeting NGOs, non-profits, and charities. The Tracer provides real-time insights into phishing campaigns and helps organizations learn from others' experiences to implement best practices and reduce the likelihood of future attacks. This partnership aims to improve cybersecurity resources for vulnerable communities and enable them to collaborate on solutions and share threat intelligence.
Feb 17, 2025 949 words in the original blog post.
The Linux kernel produces a hung task warning message in its log when the process is stuck in an uninterruptable state and hasn't been scheduled on the CPU for an unexpectedly long period of time. The warning can indicate that there's a problem with the system resources, such as a file system issue or a deadlock caused by a mutex lock. To debug these warnings, it's essential to analyze the stack trace and understand the context in which the process is stuck. The hung task message can be misleading, pointing to the victim rather than the offender, so it's crucial to investigate further. By examining the kernel logs and system metrics, developers can identify potential issues and take corrective actions to resolve the problem. In some cases, the issue might be related to a specific application or subsystem, such as a Wireguard config change in example #3. The hung task warnings serve as an early warning system for potential problems, allowing developers to take proactive measures to prevent system crashes and downtime. By enabling these warnings and understanding how they work, developers can improve their systems' reliability and performance.
Feb 14, 2025 2,305 words in the original blog post.
Cloudflare has introduced an automatic audit logging system, which provides visibility into who performed an action, what the action was, when it occurred, where it happened, and how it was executed. The new system unifies audit logging across Cloudflare products, generating standardized logs in a seamless way, eliminating reliance on individual teams. It now covers 111 products, expanding coverage from 75% to 95%, and includes features like granular filtering, enhanced context and transparency, comprehensive activity capture, and redaction of sensitive information. The system is available exclusively through the API for the beta release and will be integrated into the Cloudflare dashboard in the future. The goal is to provide a complete and consistent view of the environment's activity while enhancing security, transparency, and efficiency.
Feb 13, 2025 1,596 words in the original blog post.
In 2024, the trends in online behavior during Christmas and New Year's Eve remained consistent with those of 2023, demonstrating the enduring impact of cultural traditions on global Internet usage. In Europe, Christmas Eve continued to be the main offline moment, with significant drops in traffic reaching up to 67% in Denmark and 66% in Spain. In North and Latin America, December 25 remained a key day for reduced online activity, with traffic declines ranging from 26% in the US to up to 70% at midnight in Argentina. Across Asia, unique cultural events drove distinct periods of disconnection, with the Lunar New Year showing peak drops around January 29 in China, Hong Kong, Singapore, and Vietnam. The data reinforces the idea that traditional celebrations continue to shape our relationship with technology, even as the Internet connects billions of people worldwide.
Feb 11, 2025 5,259 words in the original blog post.
Cloudflare recently discovered a broadcast amplification vulnerability in its QUIC Internet measurement research through an anonymous security researcher group. The team collaborated with the researchers and implemented a mitigation to secure their infrastructure. The vulnerability was triggered by sending a QUIC Initial packet to one of Cloudflare's broadcast addresses, which resulted in a large response, exceeding the RFC's 3x amplification limit. The issue arose because the QUIC protocol's broadcast functionality, combined with the use of anycast prefixes and socket options like SO_REUSEPORT, allowed an attacker to amplify traffic sent to the broadcast address, potentially causing a denial-of-service (DoS) attack. To mitigate this vulnerability, Cloudflare removed the route itself from their deployment system, ensuring that all broadcast routes attached to the loopback interface are treated no differently than any other address in the range, effectively preventing amplification attacks. The incident highlights the importance of assessing systems for configurations that may present a local amplification attack vector and encourages network administrators and security professionals to take proactive measures to secure their infrastructure.
Feb 10, 2025 2,112 words in the original blog post.
The Cloudflare Mutual TLS (mTLS) implementation was found to have a vulnerability in its session resumption handling, which allowed attackers to bypass mTLS authentication and access protected resources. The vulnerability was reported via Cloudflare's Bug Bounty Program and was tracked as CVE-2025-23419. Cloudflare mitigated the issue within 32 hours after being notified by disabling TLS session resumption for all customers using mTLS. Customers can implement mTLS through Cloudflare API Shield with Custom Firewall Rules and the Cloudflare Zero Trust product suite, which establishes a secure connection between the client and server. The vulnerability was caused by an incorrect use of BoringSSL's session cache partitioning API, which allowed attackers to reuse cached client certificates without re-validating them against the full certificate chain. To mitigate this issue, Cloudflare has added additional logging headers to its logs, allowing customers to detect future issues and enforce stricter authentication policies.
Feb 07, 2025 1,331 words in the original blog post.
The Cloudflare R2 object storage service experienced a 59-minute outage on February 6, 2025, affecting multiple services including Stream, Images, Cache Reserve, Vectorize, and Log Delivery. The incident was caused by human error and insufficient validation safeguards during an abuse remediation process for a phishing site hosted on R2. The R2 Gateway service, responsible for authenticating and serving requests to R2's S3 and REST APIs, was inadvertently disabled, leading to a cascade of failures across dependent services. Despite the outage, no data was lost or corrupted within the R2 storage subsystem. Cloudflare has taken steps to remediate the issue, including implementing additional system-level controls, deploying guardrails in the Admin API, and restricting access to product disablement actions. The company is committed to improving its systems and workflows to prevent similar incidents in the future.
Feb 07, 2025 2,418 words in the original blog post.
Cloudflare has announced its commitment to achieving various government security certifications, including the US Federal Risk and Authorization Management Program (FedRAMP) - High, Australian Infosec Registered Assessors Program (IRAP), and Spain’s Esquema Nacional de Seguridad (ENS). This move aims to provide industry-standard tools for governments and regulated industries to ensure uptime, reliability, and performance. Cloudflare has built its government compliance capabilities into its platform from the beginning, leveraging its global network of over 330 cities in 120 countries to deliver critical controls in traffic processing, management, and metadata storage. The company's single-platform strategy enables most of its products and services to be included in scope with Cloudflare for Government, ensuring that regulated customers can meet complex security requirements without segmentation. With this expansion, Cloudflare is expanding its FedRAMP Moderate authorization to include more products, such as API Shield, R2, Cache Reserve, and Cloud Access Security Broker (CASB), and plans to introduce two new products in 2025: Hyperdrive and Cloudflare Images. The company's commitment to post-quantum cryptography and industry-recognized technologies strengthens the public sector systems, while its Spanish security certification demonstrates its dedication to obtaining country-specific authorizations.
Feb 05, 2025 1,221 words in the original blog post.
Cloudflare has launched a new "AI Insights" page on its Radar platform, providing visibility into AI-related trends and metrics. The page incorporates an AI bot & crawler traffic graph that tracks the top five most active AI bots and crawlers globally, as well as insights into the popularity of publicly available Generative AI services based on DNS request traffic. Additionally, the page offers analysis of robots.txt files to understand how content providers are handling AI bots, and provides visibility into the popularity of models and tasks on Cloudflare Workers AI. The new page aims to provide timely trends and information about the dynamic AI space, enabling industry observers and participants to better understand its evolution over time.
Feb 04, 2025 1,122 words in the original blog post.
Cloudflare Images has integrated the Coalition for Content Provenance and Authenticity (C2PA) provenance standard, allowing content creators to preserve the entire provenance chain of their digital media across the Cloudflare network. This integration enables news organizations, journalists, and content companies to create an auditable chain of digital provenance whose claims can be verified using public-key cryptography. With this feature, users can now ensure that their images are preserved with their original metadata, including camera settings, editing software used, and any transformations made, providing a tamper-evident trail for the entire content creation process. The integration is available through the Cloudflare dashboard, where users can toggle on the "Preserve Content Credentials" option to enable this feature for their images.
Feb 03, 2025 1,971 words in the original blog post.