Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As endpoints became more powerful, more mobile, and more exposed, they also became more prone to attacks. Endpoints remain one of the most targeted entry points for attacks. Attacks today are no longer random; they are targeted, deliberate, and increasingly powered by automated AI discovery tools that hunt for unmanaged gaps. Malware, ransomware, and phishing-based intrusions continue to increase, and their first level of interaction often happens on an endpoint.

Most ATO detection tools are watching the wrong moment. Attackers don’t start at your login page – they start days earlier, registering lookalike domains, cloning your site, and harvesting credentials before your stack sees a single signal. Knowing how to detect account takeover means moving detection upstream: to the reconnaissance stage, the cloning event, and the live harvesting window. That’s where the attack is stoppable.

For many organizations, Grafana is a central operational system. Engineers use it to investigate issues, analyze logs, review infrastructure metrics, and query production-connected databases. But while dashboards are visible, the real sensitivity lies in the underlying data sources Grafana connects to. These data sources often include systems such as logs stored in Elasticsearch or OpenSearch, SQL databases like PostgreSQL or MySQL, and Amazon CloudWatch metrics.

Cyber protection, management and automation of IT deployments is fundamentally an exercise in responsibility and trust. That is especially true in the age of AI, where innovation moves fast and the consequences of failure can be severe. Organizations today need confidence that their IT providers are not only technically capable, but also reliable, transparent and accountable. Entrusting a partner with your infrastructure is the ultimate trust exercise.

Zero trust used to sound like yet another security buzzword. In SaaS environments, it has turned into something far more practical: a way to keep your business moving fast without assuming that anything or anyone is safe just because they are “inside” your systems. Zero trust in SaaS is about treating every login, every device, and every request as something you verify in real time instead of something you blindly trust because it passed a VPN check once.

Production deployments. That’s where multi-agent AI systems live now, not research labs. Salesforce, Microsoft, and Cognition Labs are all running agent pipelines that replaced what used to take entire ops teams. Most businesses still don’t fully understand what they’ve switched on. A multi-agent AI setup isn’t just one model doing more things.

In December 2025, Cloudflare received reports of HTTP/1.x request smuggling vulnerabilities in the Pingora open source framework when Pingora is used to build an ingress proxy. Today we are discussing how these vulnerabilities work and how we patched them in Pingora 0.8.0. The vulnerabilities are CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These issues were responsibly reported to us by Rajat Raghav (xclow3n) through our Bug Bounty Program.

Security is traditionally a game of defense. You build walls, set up gates, and write rules to block traffic that looks suspicious. For years, Cloudflare has been a leader in this space: our Application Security platform is designed to catch attacks in flight, dropping malicious requests at the edge before they ever reach your origin. But for API security, defensive posturing isn’t enough. That’s why today, we are launching the beta of Cloudflare’s Web and API Vulnerability Scanner.

For years, the cybersecurity industry has accepted a grim reality: migrating to a zero trust architecture is a marathon of misery. CIOs have been conditioned to expect multi-year deployment timelines, characterized by turning screws, manual configurations, and the relentless care and feeding of legacy SASE vendors. But at Cloudflare, we believe that kind of complexity is a choice, not a requirement. Today, we are highlighting how our partners are proving that what used to take years now takes weeks.

In its January 2026 report, Emerging Tech: Tech Innovators in Domain-Specific Language Models for SecOps, Gartner examines how domain-specific language models (DSLMs) are reshaping security operations. The report explains that DSLMs are designed to address the limitations of general-purpose language models by focusing on a particular task or use case – in this case, cybersecurity.