research – Noise

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Alexandra Blia — Mon, 24 Nov 2025 14:21:37 +0000

Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest ...

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Ryan Emmons — Wed, 19 Nov 2025 17:30:41 +0000

OverviewTwonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs...

Threat Landscape of the Building and Construction Sector Part Two: Ransomware

Jeremy Makowski — Fri, 14 Nov 2025 14:31:42 +0000

In this second installment of our two-part series on the construction industry, Rapid7 is looking at the specific threat ransomware poses, why the industry is particularly vulnerable, and ways in which threat actors exploit its weaknesses to great effe...

Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report

Rapid7 — Wed, 12 Nov 2025 13:55:11 +0000

The Q3 2025 Threat Landscape Report, authored by the Rapid7 Labs team, paints a clear picture of an environment where attackers are moving faster, working smarter, and using artificial intelligence to stay ahead of defenders. The findings reveal a thre...

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

Jeremy Makowski — Fri, 07 Nov 2025 14:00:00 +0000

In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and...

How AI shapes your feed: An explainable social media simulator for the classroom

Diana Kirby — Thu, 06 Nov 2025 14:01:40 +0000

Social media can have a powerful impact on the way we see and experience the world. What we see in our feeds is not random: it is determined by AI-driven systems that collect vast amounts of data, build user profiles, analyse engagement, and generate recommendations. But while young people are prolific users of social media,…

The post How AI shapes your feed: An explainable social media simulator for the classroom appeared first on Raspberry Pi Foundation.

Fresh insights from old data: corroborating reports of Turkmenistan IP unblocking and firewall testing

Luke Valenta — Mon, 03 Nov 2025 13:00:00 +0000

Cloudflare used historical data to investigate reports of potential new firewall tests in Turkmenistan. Shifts in TCP resets/timeouts across ASNs corroborate large-scale network control system changes.

Beyond IP lists: a registry format for bots and agents

Thibault Meunier — Thu, 30 Oct 2025 22:00:00 +0000

We propose an open registry format for Web Bot Auth to move beyond IP-based identity. This allows any origin to discover and verify cryptographic keys for bots, fostering a decentralized and more trustworthy ecosystem.

Anonymous credentials: rate-limiting bots and agents without compromising privacy

Thibault Meunier — Thu, 30 Oct 2025 13:00:00 +0000

As AI agents change how the Internet is used, they create a challenge for security. We explore how Anonymous Credentials can rate limit agent traffic and block abuse without tracking users or compromising their privacy.

What should be included in a data science curriculum for schools?

Jan Ander — Thu, 30 Oct 2025 11:24:44 +0000

Current artificial intelligence (AI) methods, especially machine learning (ML), rely heavily on data. To complement our work on AI literacy, we have been investigating what data science teaching resources and education research are currently available. Our goal is to work out what data science concepts should be taught in a data science curriculum for schools.…

The post What should be included in a data science curriculum for schools? appeared first on Raspberry Pi Foundation.

How to build your own VPN, or: the history of WARP

Chris Branch — Wed, 29 Oct 2025 13:00:00 +0000

WARP’s initial implementation resembled a VPN that allows Internet access through it. Here’s how we built it – and how you can, too.

One IP address, many users: detecting CGNAT to reduce collateral effects

Vasilis Giotsas — Wed, 29 Oct 2025 13:00:00 +0000

IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result.

Measuring characteristics of TCP connections at Internet scale

Suleman Ahmad — Wed, 29 Oct 2025 13:00:00 +0000

Researchers and practitioners have been studying connections almost as long as the Internet that supports them. Today, Cloudflare’s global network receives millions of connections per second. We explore various characteristics of TCP connections, including lifetimes, sizes, and more.

So long, and thanks for all the fish: how to escape the Linux networking stack

Chris Branch — Wed, 29 Oct 2025 13:00:00 +0000

Many products at Cloudflare aren’t possible without pushing the limits of network hardware and software to deliver improved performance, increased efficiency, or novel capabilities such as soft-unicast, our method for sharing IP subnets across data centers. Happily, most people do not need to know the intricacies of how your operating system handles network and Internet access in general. Yes, even most people within Cloudflare. But sometimes we try to push well beyond the design intentions of Linux’s networking stack. This is a story about one of those attempts.

Defending QUIC from acknowledgement-based DDoS attacks

Apoorv Kothari — Wed, 29 Oct 2025 13:00:00 +0000

We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior.

A framework for measuring Internet resilience

Vasilis Giotsas — Tue, 28 Oct 2025 13:00:00 +0000

We present a data-driven framework to quantify cross-layer Internet resilience. We also share a list of measurements with which to quantify facets of Internet resilience for geographical areas.

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

Luke Valenta — Tue, 28 Oct 2025 13:00:00 +0000

Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.

State of the post-quantum Internet in 2025

Bas Westerbaan — Tue, 28 Oct 2025 13:00:00 +0000

Today over half of human-initiated traffic with Cloudflare is protected against harvest-now/decrypt-later with post-quantum encryption. What once was a cool science project, is the new security baseline for the Internet. We’re not done yet: in this blog post we’ll take measure where we are, what we expect for the coming years, and what you can do today.

The tricky science of Internet measurement

Marwan Fayed — Mon, 27 Oct 2025 13:00:00 +0000

The Internet is one big open system composed of many closed boxes — which makes measuring the Internet difficult. In this post we explore Internet measurement as a science.

How does Cloudflare’s Speed Test really work?

Lai Yi Ohlsen — Mon, 27 Oct 2025 12:00:00 +0000

In this blog post we’ll discuss how Cloudflare thinks about measuring Internet quality, how our own Cloudflare speed test works, and our future plans for providing Internet measurement tools that help everyone build a better Internet.