A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely circumvent customer-configured WAF rules designed to block unauthorized traffic. The Hidden Backdoor in Certificate Validation […]

The post Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have uncovered a sophisticated AsyncRAT campaign exploiting Cloudflare’s free-tier services and TryCloudflare tunneling domains to evade detection while delivering remote access trojan payloads through multi-stage infection chains that leverage legitimate infrastructure. Threat actors behind this AsyncRAT operation are weaponizing Cloudflare’s trusted infrastructure to host WebDAV servers, effectively masking malicious activities under legitimate domains […]

The post AsyncRAT and the Misuse of Cloudflare Free-Tier Infrastructure: Detection and Analysis appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Italy fined Cloudflare 14.2 million euros for refusing to block access to pirate sites on its 1.1.1.1 DNS service, the country's communications regulatory agency, AGCOM, announced yesterday. Cloudflare said it will fight the penalty and threatened to remove all of its servers from Italian cities.

AGCOM issued the fine under Italy's controversial Piracy Shield law, saying that Cloudflare was required to disable DNS resolution of domain names and routing of traffic to IP addresses reported by copyright holders. The law provides for fines up to 2 percent of a company's annual turnover, and the agency said it applied a fine equal to 1 percent.

The fine relates to a blocking order issued to Cloudflare in February 2025. Cloudflare argued that installing a filter applying to the roughly 200 billion daily requests to its DNS system would significantly increase latency and negatively affect DNS resolution for sites that aren't subject to the dispute over piracy.

Read full article

Comments

© Getty Images | Bloomberg

Cloudflare's Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks.

You may or may not remember my article Mount Synology NAS in Linux. Being the lucky owner of a Synology DS720+, I sometimes do some interesting things on it besides the standard stuff. And since this site is also my online notebook, I have collected all the things I have configured on my NAS in this article.

The post Bypassing Cloudflare WAF with the origin server IP address appeared first on Detectify Blog.