TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Cloudflare patched a WAF bypass vulnerability in its ACME validation logic that allowed attackers to circumvent security rules and directly access origin servers. The flaw stemmed from improper validation of ACME challenge tokens - the system disabled WAF features when processing requests matching active challenge tokens without verifying the token belonged to the requested hostname. Reported through Cloudflare's bug bounty program in October, the issue was fixed by ensuring WAF features only disable for valid hostname-specific ACME challenges. No evidence of exploitation exists, though researchers warn AI-driven attacks could increasingly target such bypass vulnerabilities.

Cloudflare whacks WAF bypass bug that opened side door