This article explains how Cloudflare's Log Explorer helps security teams investigate multi-vector attacks through correlated telemetry across 14+ log datasets.

Analytics

Logs

Security

Storage

Fixing request smuggling vulnerabilities in Pingora OSS deployments

This post explains three HTTP/1.x request smuggling vulnerabilities (CVE-2026-2833, CVE-2026-2835, CVE-2026-2836) found in the Pingora open source proxy framework, patched in version 0.8.0.

Active defense: introducing a stateful vulnerability scanner for APIs

Cloudflare introduces a stateful Web and API Vulnerability Scanner in beta, starting with detection of Broken Object Level Authorization (BOLA) vulnerabilities.

From reactive to proactive: closing the phishing gap with LLMs

Cloudflare describes how integrating LLMs into their email security pipeline shifts phishing detection from reactive to proactive by mapping the threat landscape at scale.

How Cloudy translates complex security into human action

This post explains how Cloudflare's LLM-powered 'Cloudy' layer translates complex ML security signals into clear, actionable human-readable guidance within Cloudflare One.

Bringing more transparency to post-quantum usage, encrypted messaging, and routing security

Cloudflare introduces new security transparency tools on Radar covering post-quantum encryption, Key Transparency for E2EE messaging, and BGP routing security.

2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults

Cloudflare's Q4 2025 DDoS Threat Report documents a record-breaking 31.4 Tbps attack and a year of unprecedented DDoS escalation.

Architecture•2026-01-27

Building a serverless, post-quantum Matrix homeserver

This post describes a proof-of-concept Matrix homeserver ported to Cloudflare Workers, eliminating traditional operational overhead while adding post-quantum cryptography.

Cloudflare Workers

Durable Objects

Cloudflare Workers KV

How we mitigated a vulnerability in Cloudflare’s ACME validation logic

Cloudflare disclosed and patched a WAF bypass vulnerability in their ACME HTTP-01 challenge validation logic, reported by FearsOff researchers in October 2025.

Astro is joining Cloudflare

Cloudflare has acquired The Astro Technology Company, the team behind the Astro web framework, committing to its continued open-source development.