A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely circumvent customer-configured WAF rules designed to block unauthorized traffic. The Hidden Backdoor in Certificate Validation […]

The post Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.