Security Articles

GitHub shares a post-incident analysis on how emergency rate-limiting protections outlived their purpose and began incorrectly blocking legitimate users.

Cloudflare

01 min read

Security•2026-01-13

What we know about Iran’s Internet shutdown

This post documents Iran's Internet shutdown in early January 2026, observed through Cloudflare Radar data amid widespread protests.

Supabase Security Retro: 2025

This post reviews Supabase platform security changes made throughout 2025 and outlines the security defaults planned for 2026.

Cloudflare

11 min read

Security•2026-01-06

A closer look at a BGP anomaly in Venezuela

This post analyzes a BGP route leak involving Venezuela's state-run ISP CANTV (AS8048), arguing the anomaly was likely due to poor routing policy rather than malicious intent.

Innovating to address streaming abuse — and our latest transparency report

Cloudflare's latest transparency report (H1 2025) highlights its evolving approach to combating streaming abuse and copyright infringement.

Streamlining Security Investigations with Agents

Slack's Security Engineering team built an AI agent system to automate and improve security alert investigations at scale.

A Decade of Defense: Celebrating Grab's 10th Year Bug Bounty Program

Grab celebrates the 10th anniversary of its bug bounty program in partnership with HackerOne, reflecting on a decade of collaborative security research.

Post-quantum security for SSH access on GitHub

GitHub is adding a post-quantum secure SSH key exchange algorithm to protect Git data access against future quantum computing threats.

Slack

51 min read

Security•2025-09-04

Building Slack’s Anomaly Event Response

This post introduces Slack's Anomaly Event Response (AER), a proactive security system that automatically terminates user sessions upon detecting suspicious behavior.

Hijacking Amazon EventBridge for launching Cross-Account attacks

This article explores how AWS EventBridge cross-account configurations can be exploited for infiltration, exfiltration, and persistent attacks.

How we built enterprise search to be secure and private

Slack's enterprise search architecture prioritizes security and privacy when integrating external data sources like Google Drive and GitHub into Slack search.

Kube-Policies: Guardrails for Apps Running in Kubernetes

This post describes how a Compute Security team built kube-policies, a custom Kubernetes admission controller on top of Open Policy Agent (OPA) to replace Pod Security Policies with adaptive security guardrails.

Engineering