The Cloudflare Blog

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps).

We read NIST’s new guidance on “Implementing a Zero-Trust Architecture” so that you don’t have to. Read this to get the key points on the newly-released NIST Special Publication 1800-35.

We're open-sourcing use-mcp, a React library that connects to any MCP server in just 3 lines of code, as well as our AI Playground, a complete chat interface that can connect to remote MCP servers.

We are happy to announce the General Availability of Cloudflare Log Explorer, a powerful product designed to bring observability and forensics capabilities directly into your Cloudflare dashboard.

Multiple Cloudflare services, including Workers KV, Access, WARP and the Cloudflare dashboard, experienced an outage for up to 2 hours and 28 minutes on June 12, 2025.

June 2025 marks the 11th anniversary of Project Galileo, Cloudflare’s effort to protect vulnerable public interest organizations from cyber threats.

Cloudflare Workers now support FinalizationRegistry, but just because you can use it doesn’t mean you should.

How Knock shipped an AI Agent with human-in-the-loop capabilities with Cloudflare’s Agents SDK and Cloudflare Workers.

Forrester has recognized Cloudflare Email Security as a Strong Performer in the ‘current offering’ category in “The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions.

Workers Builds, our CI/CD product for deploying Workers, monitors build issues by analyzing build failure metadata spread across over one million Durable Objects.

For the third consecutive year, Gartner has named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report.

Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks.

Real-time BGP route visualization is now available on Cloudflare Radar, providing immediate insights into global Internet routing.

Developers have a gut-felt understanding for performance, but that intuition breaks down when systems reach Cloudflare’s scale.

IPv4 is expensive, and moving network resources around is hard. Previously, when customers wanted to use multiple Cloudflare services, they had to bring a new address range.

In line with CISA’s Secure By Design pledge, Cloudflare shares its vulnerability disclosure process, CVE issuance criteria, and CNA duties.

Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.

Cloudflare introduces a one-click integration with Google tag gateway for advertisers.

udpgrm is a lightweight daemon for graceful restarts of UDP servers. It leverages SO_REUSEPORT and eBPF to route new and existing flows to the correct server instance.

Learn how Cloudflare tackles the challenge of scaling global service health metrics to safely release new software across our global network.