June 28, 2024 at 05:48AM The polyfill.io domain was suspended due to reports of malicious activity, with the Chinese owner claiming defamation. The domain was used to host polyfills, but reports of potential supply chain risks surfaced. Industry players like Google and Cloudflare took action, redirecting links and warning users. Funnull, the Chinese content delivery … Read more
June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL … Read more
May 31, 2024 at 02:38AM Cloudflare’s threat intel team thwarted a month-long phishing and espionage attack targeting Ukraine, attributed to Russia-aligned group FlyingYeti. The attack targeted financially strained citizens after a government moratorium on evictions and utility disconnections ended. Cloudforce One stopped the threat, but the target base might have been vast. FlyingYeti intended to … Read more
May 30, 2024 at 01:27PM Cloudflare disrupted a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign used debt-themed lures to distribute the PowerShell malware COOKBOX. Cloudforce One identified the campaign in mid-April 2024, involving Cloudflare Workers and GitHub, and exploiting a WinRAR vulnerability. Another financially motivated group, UAC-0006, was also identified by … Read more
May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN … Read more
May 12, 2024 at 10:55PM Security experts warn of increasing cyber threats in the Asia Pacific, with 78% of cybersecurity professionals in the region reporting incidents in the past year. Cloudflare advocates for a centralized approach to security, offering Everywhere Security platform to mitigate cyber-attacks in distributed work environments. This aligns with ASEAN Digital Masterplan … Read more
April 30, 2024 at 06:15PM The Latrodectus malware is being distributed through phishing emails using Microsoft Azure and Cloudflare lures to appear legitimate and evade security software. This Windows malware downloader, linked to the IcedID malware developers, is increasingly used for phishing campaigns, contact form spam, and initial corporate network access. Infections can lead to … Read more
March 17, 2024 at 10:37PM Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer … Read more
March 8, 2024 at 11:41AM Cloudflare’s San Francisco office features a wall of 100 lava lamps, known as the Wall of Entropy, used to generate randomness for encrypting internet traffic. The lamps’ changing patterns provide physical entropy, enhanced by human movement and changing light conditions. This initiative is part of the League of Entropy, a … Read more
March 4, 2024 at 08:41PM Cloudflare introduces “Firewall for AI,” offering Advanced Rate Limiting to prevent DDoS attacks and Sensitive Data Detection to protect against data leaks. The feature also allows customization of information disclosure, with plans to include prompt validation and offensive topic blocking. It applies to both public and private language models proxied … Read more