cloudflare
Safeguard articles tagged "cloudflare" — guides, analysis, and best practices for software supply chain and application security.
12 articles
Cloudflare Workers, KV, and Durable Objects: the supply chain view in 2026
Worker bundle composition, wrangler publish trust, and the deploy-from-CI credential blast radius are the supply chain shape of Cloudflare in 2026.
When DNSSEC Goes Wrong: The .de TLD Signing Failure That Took Down German Domains (May 5, 2026)
On May 5, 2026, DENIC published unvalidatable DNSSEC signatures for the .de zone after a deployment defect made its signer generate three key pairs instead of one. Validating resolvers worldwide, including Cloudflare's 1.1.1.1, were forced to return SERVFAIL.
Cloudflare Workers Build Attestations: A Defender's Field Guide
Workers Builds emits provenance attestations for the code it deploys. We trace how to verify them, gate on them, and integrate them into a multi-cloud supply chain program.
Cloudflare Workers: Supply Chain Threat Model
Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.
Cloudflare Code Orange Fail Small: What the Resilience Plan Actually Changes
After November and December 2025 outages, Cloudflare declared Code Orange and shipped a Health Mediated Deployment system, break-glass dependency audits, and graceful-degradation rewrites.
Cloudflare November 18 2025 Outage: A Bot Management Feature File Doubled in Size
A ClickHouse permissions change caused Cloudflare's Bot Management feature file to balloon past a hard-coded proxy limit, taking the core network down for two hours and ten minutes.
Cloudflare Workers KV June 12 2025 Outage: A GCP Dependency Story
A 2-hour, 28-minute Workers KV outage rolled into Access, Gateway, WARP, and Turnstile because the central store sat on GCP. Here is the dependency chain and the R2 re-architecture that followed.
Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem
A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.
Cloudflare R2 February 6, 2025 Outage: When Abuse Tooling Took Down Production
A routine phishing-URL takedown clicked the wrong button and disabled R2 globally for 59 minutes. Here is what went wrong and the two-party approval Cloudflare added afterwards.
Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
Cloudflare's Supply Chain Security Model
How Cloudflare secures the software supply chain for infrastructure that sits between the internet and millions of websites, with lessons on Rust adoption and edge computing security.
0ktapus: The Phishing Campaign That Hit Cloudflare, Twilio, and 130+ Organizations
A single phishing campaign compromised over 130 companies including Cloudflare and Twilio. Here's how the 0ktapus attack chain worked.