Cloudflare CDN flaw could expose user location simply by sending an image

A 15-year-old cybersecurity researcher discovered a vulnerability in Cloudflare's content delivery network that could partially de-anonymize users and reveal their general location. The bug allowed attackers to determine which data center processed an image sent through certain messaging platforms, potentially narrowing a target's location to within a 200-mile radius. Cloudflare has since patched the vulnerability, which was disclosed in December 2024. The company emphasized the importance of bug bounties and encouraged researchers to continue reporting such issues.