December 2025 Summaries
14 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
Cloudflare's expansive global network, with data centers in over 330 cities, necessitated the development of a sophisticated, automated maintenance scheduler to manage the complexities of disruptive maintenance without compromising service reliability. Previously, manual coordination between network operations and infrastructure specialists was inadequate to prevent conflicts during maintenance, which could lead to downtime. The new scheduler, built on Cloudflare Workers, programmatically enforces safety constraints, ensuring that critical operations do not overlap and disrupt services like the Zero Trust product, Aegis. Utilizing graph processing inspired by Facebook's TAO and leveraging Cloudflare's CDN, the system efficiently manages data by making targeted API requests and employing a smart middleware layer to handle subrequest issues. Additionally, the use of Thanos and conversion of historical data into Apache Parquet files allows for efficient real-time and historical analysis, reducing latency and enhancing performance. This system represents a significant advancement in balancing network growth with product performance, although further challenges remain as Cloudflare continues to scale.
Dec 22, 2025
2,586 words in the original blog post.
Cloudflare's latest transparency report for the first half of 2025 highlights its ongoing efforts to manage legal requests and combat abuse, with a particular focus on unauthorized streaming and copyright infringement. As streaming abuse has become more sophisticated with the rise of AI tools, Cloudflare has partnered with rightsholders to improve detection and response processes, resulting in a significant increase in DMCA reports and actions taken against unauthorized streaming. In addition to enhancing technical tools to prevent such abuses, Cloudflare has also navigated the complex landscape of legally-mandated blocking, advocating for proportionate measures that protect user rights and avoid unnecessary overblocking. The company has complied with certain court orders by geoblocking access to infringing content in specific jurisdictions while maintaining a commitment to transparency and due process. Looking ahead, Cloudflare aims to continue collaborating with stakeholders to develop balanced strategies to curb online abuse, leveraging its transparency reports to communicate its principles and progress in this area.
Dec 19, 2025
2,286 words in the original blog post.
In response to two significant network outages in late 2025, Cloudflare has initiated a project called "Code Orange: Fail Small" to enhance its network's resilience and reliability. The outages, caused by rapid, uncontrolled configuration changes, revealed vulnerabilities in the company's deployment processes. Code Orange prioritizes controlled rollouts for configuration changes, similar to their software updates, to prevent widespread disruptions. The initiative also focuses on reviewing and improving system failure modes and adjusting internal procedures to ensure swift access to necessary tools during emergencies, while maintaining strict security protocols. Cloudflare aims to implement these changes by the end of the first quarter of 2026, with ongoing efforts to refine processes and technologies to prevent future incidents.
Dec 19, 2025
1,981 words in the original blog post.
Cloudflare experienced two significant network outages in November and December 2025, affecting a large portion of their services and prompting the company to launch a comprehensive initiative called "Code Orange: Fail Small" to enhance network resilience and prevent future incidents. The first outage was caused by an automatic update to the Bot Management classifier, while the second resulted from a security tool configuration change meant to address a React vulnerability. Both incidents highlighted flaws in how configuration changes were deployed compared to software updates, leading Cloudflare to adopt a more controlled rollout process for configurations, similar to their Health Mediated Deployment (HMD) system for software. The plan involves organized workstreams to require controlled rollouts for configuration changes, review and improve failure modes, and revise internal emergency response procedures to mitigate risks and ensure quick access to necessary tools during incidents. The company aims to make iterative improvements across its network infrastructure to enhance reliability and has committed to completing significant updates by the end of Q1, while maintaining ongoing efforts to address circular dependencies and update security protocols.
Dec 19, 2025
1,981 words in the original blog post.
R2 SQL, Cloudflare's serverless analytics query engine, now supports aggregations, enhancing its capabilities for processing large datasets stored in the R2 Data Catalog. Aggregations, commonly known as "GROUP BY queries", offer a concise summary of data, enabling users to generate reports, identify trends, and detect anomalies efficiently. The integration of aggregation functions builds upon existing filter queries and introduces advanced execution strategies, such as scatter-gather and shuffling, to optimize the processing of vast data volumes across Cloudflare's distributed network. Scatter-gather allows for efficient computation by distributing tasks across worker nodes, which compute intermediary pre-aggregates that are then merged for final results. However, for more complex queries requiring sorting or filtering, a shuffling stage is implemented, where data is redistributed among workers to ensure accurate aggregation across distributed data. This distributed approach reduces the computational burden on a single node by leveraging Cloudflare's comprehensive compute resources, facilitating scalable operations without necessitating external OLAP infrastructure management. As a result, users can perform comprehensive data analysis and reporting within Cloudflare's platform, taking full advantage of its global network and compute capabilities.
Dec 18, 2025
2,071 words in the original blog post.
The 2025 Cloudflare Radar Year in Review provides a comprehensive analysis of Internet trends and patterns observed through Cloudflare's expansive global network, which handled an average of 81 million HTTP requests per second and more than 67 million DNS queries per second. The report highlights key findings across six sections: Traffic, AI, Adoption & Usage, Connectivity, Security, and Email Security, using data from January 1 to December 2, 2025. Significant insights include a 19% global growth in Internet traffic, a doubling of Starlink traffic, and the notable presence of Googlebot in AI and search-related requests. The report also addresses the rise in post-quantum encrypted traffic, the popularity of iOS in mobile device traffic, and the persistence of JavaScript-based tools for web development. In terms of security, the document notes a 6% mitigation rate of global traffic, with significant DDoS attack activity and malicious email threats, while also observing improvements in routing security through increased RPKI valid routes. The report concludes with an emphasis on the dynamic nature of AI trends and encourages exploration of the detailed data available on the Cloudflare Radar microsite.
Dec 15, 2025
11,977 words in the original blog post.
In 2025, the Internet continued to be pivotal in daily life, with Cloudflare's report highlighting significant shifts in the popularity of online services across various categories. Google maintained its position as the leading Internet service, while Facebook and Instagram also ranked highly, with Instagram notably overtaking TikTok. Generative AI saw rapid advancements with ChatGPT as a frontrunner, though competitors like Gemini and Claude gained traction. Social media fragmented further, as platforms like Kwai made strides in emerging markets. E-commerce saw Shopee and Temu rise alongside Amazon, while cryptocurrency remained stable with notable traffic during major events. Video streaming remained steady with YouTube and Netflix at the forefront, and HBO Max entering the Top 10, while news consumption patterns shifted due to AI-powered tools. Messaging platforms like WhatsApp dominated, and Signal saw increased demand for privacy-focused communication. Gaming remained robust, led by Roblox, with PlayStation surpassing Xbox. The report underscores the dynamic nature of Internet services, shaped by cultural, technological, and geopolitical factors.
Dec 15, 2025
6,258 words in the original blog post.
On December 3, 2025, the React Team disclosed a critical vulnerability, CVE-2025-55182, known as React2Shell, which affects servers using the React Server Components Flight protocol by allowing remote code execution through unsafe deserialization. This vulnerability quickly attracted exploitation attempts, especially from Asia-linked threat groups, using various tools for scanning and reconnaissance. In addition to React2Shell, two other related vulnerabilities, CVE-2025-55183 and CVE-2025-55184, were disclosed, both concerning React Server Component implementations. Cloudflare responded by deploying new Web Application Firewall (WAF) rules to protect against these vulnerabilities, but emphasized the importance of patching affected systems as the most reliable defense. The initial wave of exploitation involved systematic probing and leveraging public vulnerability intelligence and scanning tools, with a focus on high-value targets and strategic regions. Cloudflare's mitigation efforts included continuous monitoring and rule updates to adapt to evolving exploit tactics, highlighting the persistent threat posed by these vulnerabilities.
Dec 11, 2025
2,137 words in the original blog post.
Cloudflare's platform emphasizes the importance of its internal Customer Zero team, which uses Cloudflare's own products to ensure security and optimize services, highlighting the challenges of managing security at a global scale. To address these challenges, Cloudflare has adopted a "shift left" approach, integrating security checks early in the software development lifecycle to minimize human error and ensure consistent security configurations across its numerous accounts. This strategy involves treating configurations as code using Infrastructure as Code (IaC) methodologies, primarily through Terraform and a custom CI/CD pipeline, to maintain security baselines and enforce policy compliance. Cloudflare's approach includes using Policy as Code with the Open Policy Agent to automate policy enforcement, allowing for efficient handling of exceptions and minimizing configuration drift. Despite hurdles such as onboarding existing resources and maintaining feature parity with their Terraform provider, Cloudflare's proactive governance model enhances engineering efficiency by ensuring compliance and reducing the risk of errors.
Dec 09, 2025
1,693 words in the original blog post.
Cloudflare has enhanced its Python Workers platform to offer a more efficient and developer-friendly experience, featuring fast cold starts and comprehensive package support via the Pyodide WebAssembly runtime. This improvement allows developers to deploy Python applications globally with ease, leveraging tools like FastAPI and integrating various Python packages, including those requiring dynamic libraries. The platform's performance is notably superior, with cold start times 2.4 times faster than AWS Lambda and 3 times faster than Google Cloud Run, achieved through memory snapshots that store and restore the runtime state efficiently. Additionally, Cloudflare introduced the pywrangler tool to streamline package management and deployment, ensuring compatibility with existing Python ecosystems and enabling functionalities like type hints generation. These advancements, combined with the platform's serverless architecture and sharding strategy, offer a robust solution for developers looking to build and deploy Python applications at scale without the overhead of managing infrastructure.
Dec 08, 2025
2,360 words in the original blog post.
On December 5, 2025, Cloudflare experienced a significant network failure affecting approximately 28% of its HTTP traffic due to a change in body parsing logic intended to mitigate a vulnerability in React Server Components. The incident lasted around 25 minutes and was not the result of a cyber attack but rather an internal error caused by a combination of circumstances, including the propagation of changes to Cloudflare's Web Application Firewall (WAF) and issues with the FL1 proxy's handling of a specific "execute" action in its ruleset. The error was linked to a Lua exception resulting from a longstanding bug in the code, which did not manifest in the newer FL2 proxy written in Rust. Efforts are underway to improve Cloudflare's deployment processes, including enhanced rollouts, streamlined critical operations, and "fail-open" error handling, to prevent similar incidents. The company acknowledged the impact on customers and is taking steps to ensure better mitigation and rollback systems are in place, with a commitment to publishing a detailed breakdown of ongoing resiliency projects.
Dec 05, 2025
1,385 words in the original blog post.
Cloudflare has implemented a new protection strategy to address a critical Remote Code Execution (RCE) vulnerability in React Server Components affecting applications using React and its frameworks like Next.js and React Router. This vulnerability, identified in React versions 19.0 to 19.2 and Next.js versions 15 through 16, involves insecure deserialization of malicious requests. To safeguard users, Cloudflare has introduced new rules across its network with a default action set to block, protecting all customers whose traffic is routed through its Web Application Firewall (WAF). While Cloudflare Workers are not affected by this exploit, all users are urged to update to the latest versions of React and Next.js for additional security. The deployment of these rules is part of Cloudflare's ongoing effort with security partners to monitor and adapt to potential attack variations, ensuring robust protection for all proxied traffic.
Dec 03, 2025
369 words in the original blog post.
Cloudflare's 23rd Quarterly DDoS Threat Report for Q3 2025 highlights the significant escalation in Distributed Denial of Service (DDoS) attacks, driven primarily by the Aisuru botnet, which executed hyper-volumetric attacks reaching peaks of 29.7 Tbps and 14.1 Bpps. The report notes a 54% quarter-over-quarter increase in such attacks, averaging 14 daily, and emphasizes the surge in DDoS attacks against AI companies and industries like Automotive and Mining, correlating with geopolitical tensions and regulatory scrutiny. Cloudflare's network successfully mitigated 8.3 million attacks in the quarter, reflecting a 15% increase QoQ and 40% YoY, with network-layer attacks accounting for 71% of the total. The report underscores the growing sophistication of DDoS strategies and the inadequacy of traditional mitigation solutions, highlighting Cloudflare's autonomous systems' ability to detect and neutralize these threats efficiently. Amidst rising attack volumes, Indonesia was identified as the largest source of DDoS attacks, while geopolitical events fueled attack spikes in countries like the Maldives and France.
Dec 03, 2025
1,811 words in the original blog post.
Replicate, a platform that simplifies running machine learning models, has officially joined Cloudflare to leverage its robust network and infrastructure. Since its inception in 2019, Replicate has focused on making research models accessible to developers by abstracting the complexities of machine learning and GPU management, akin to how Heroku simplified web hosting. They introduced tools like Cog, a packaging format for models, and provided APIs for running these models at scale, which proved timely with the release of Stable Diffusion in 2022. The company has seen the evolution of AI engineering into a sophisticated field requiring a comprehensive stack that includes model inference, microservices, content delivery, and more. By partnering with Cloudflare, Replicate aims to enhance this AI stack, offering capabilities like running models on the edge and integrating with various cloud functions, thereby realizing the vision of a network-based AI infrastructure. This partnership promises to build on Replicate's pioneering work in generative AI, further enabling a community of developers and researchers.
Dec 01, 2025
506 words in the original blog post.