Updating your website means getting files to your server, but the process can feel like a chore when simply navigating in a conventional hosting panel. FTP and SFTP are essential tools for managing files on your server. Whether you’re uploading website content or downloading backups, these protocols offer a straightforward method to handle your site’s […]
Vulnerability & Patch Roundup — March 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Hidden Malware Strikes Again: Mu-Plugins Under Attack
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making […]
Quick Guide to Magento Security Patches
Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations. Given the platform’s widespread use, staying updated […]
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP). We are excited to announce OPKSSH (OpenPubkey SSH) has been open-sourced under the umbrella of the OpenPubkey […]
Cloudflare incident on March 21, 2025
Multiple Cloudflare services, including R2 object storage, experienced an elevated rate of errors for 1 hour and 7 minutes on March 21, 2025 (starting at 21:38 UTC and ending 22:45 UTC). During the incident window, 100% of write operations failed and approximately 35% of read operations to R2 failed globally. Although this incident started with […]
Security Week 2025: in review
Thank you for following along with another Security Week at Cloudflare. We’re extremely proud of the work our team does to make the Internet safer and to help meet the challenge of emerging threats. As our CISO Grant Bourzikas outlined in his kickoff post this week, security teams are facing a landscape of rapidly increasing […]
Detecting sensitive data and misconfigurations in AWS and GCP with Cloudflare One
Today is the final day of Security Week 2025, and after a great week of blog posts across a variety of topics, we’re excited to share the latest on Cloudflare’s data security products. This announcement takes us to Cloudflare’s SASE platform, Cloudflare One, used by enterprise security and IT teams to manage the security of […]
Cloudflare is now IRAP assessed at the PROTECTED level, furthering our commitment to the global public sector
We are excited to announce our public sector suite of services for Australia, Cloudflare for Government – Australia, has been assessed under the Infosec Registered Assessor Program (IRAP) at the PROTECTED level in Australia. IRAP, established by the Australian government, provides a rigorous, standardized approach to security assessment for cloud products and services. Achieving IRAP […]
RDP without the risk: Cloudflare's browser-based solution for secure third-party access
Short-lived SSH access made its debut on Cloudflare’s SASE platform in October 2024. Leveraging the knowledge gained through the BastionZero acquisition, short-lived SSH access enables organizations to apply Zero Trust controls in front of their Linux servers. That was just the beginning, however, as we are thrilled to announce the release of a long-requested feature: […]
