Over the past few years, businesses have been fighting against the threat of data breaches and cyberattacks, and customers are trying to find new ways to protect their privacy online and keep their data safe from being shared with third parties. Since 2018, the California Consumer Privacy Act and others, such as the GDPR, have made it a legal obligation for companies to protect user data. As a result, other states are starting to follow suit.

Chances are good that today you’ve sent a message through an end-to-end encrypted (E2EE) messaging app such as WhatsApp, Signal, or iMessage. While we often take the privacy of these conversations for granted, they in fact rely on decades of research, testing, and standardization efforts, the foundation of which is a public-private key exchange.

In 2018, Cloudflare announced 1.1.1.1, one of the fastest, privacy-first consumer DNS services. 1.1.1.1 was the first consumer product Cloudflare ever launched, focused on reaching a wider audience. This service was designed to be fast and private, and does not retain information that would identify who is making a request. In 2020, Cloudflare announced 1.1.1.1 for Families, designed to add a layer of protection to our existing 1.1.1.1 public resolver.

Anyone using the Internet likely touches Cloudflare’s network on a daily basis, either by accessing a site protected by Cloudflare, using our 1.1.1.1 resolver, or connecting via a network using our Cloudflare One products. This puts Cloudflare in a position of great responsibility to make the Internet safer for billions of users worldwide. Today we are providing threat intelligence and more than 10 new security features for free to all of our customers.

Discover how exposed your company is on public GitHub, anonymously and for free.

In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.

When managing an organization’s attack surface, the focus often falls on broad categories like firewalls, endpoints, or software vulnerabilities. Yet, one obvious blind spot is login pages. Login pages are not just entry points for users but potential gateways for attackers. From an EASM point of view, login pages pose important security concerns because of their exposure to the Internet.

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

Security practices in DevOps have evolved from being a minor concern to one of the main focus points, which resulted in the DevSecOps movement. It’s about “shifting security to the left” in the software development lifecycle – so the security measures are a fundamental component. Traditionally, security management was moved to the final stages of developing software, and it has proven its ineffectiveness in dealing with the challenges of modern software projects.

As a security professional considering a robust bot defense strategy, it’s important to understand the ever-evolving nature of bot threats and the critical need for a scalable, robust solution. Traditionally, businesses rely on agent-based bot management solutions, also known as client-side or front-end detection, by deploying small pieces of software (agents) on customer devices to detect malicious activity. However, these approaches carry significant risks.