Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors

Overview During a recent malware cleanup investigation, we encountered a compromised Joomla website where the site owner reported a strange issue. Their website displayed a large number of suspicious product links that had nothing to do with their business. These products were not added by the website owner and did not exist in their catalog. […]

Vulnerability & Patch Roundup — March 2026

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Vulnerability & Patch Roundup — February 2026

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Cloudflare One is the first SASE offering modern post-quantum encryption across the full platform

During Security Week 2025, we launched the industry’s first cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust solution, a major step towards securing enterprise network traffic sent from end user devices to public and private networks. But this is only part of the equation. To truly secure the future of enterprise networking, you need […]

Cloudflare outage on February 20, 2026

On February 20, 2026, at 17:48 UTC, Cloudflare experienced a service outage when a subset of customers who use Cloudflare’s Bring Your Own IP (BYOIP) service saw their routes to the Internet withdrawn via Border Gateway Protocol (BGP). The issue was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind. […]

Shedding old code with ecdysis: graceful restarts for Rust services at Cloudflare

ecdysis | ˈekdəsəs | noun the process of shedding the old skin (in reptiles) or casting off the outer cuticle (in insects and other arthropods). How do you upgrade a network service, handling millions of requests per second around the globe, without disrupting even a single connection? One of our solutions at Cloudflare to this […]

Beyond Login Screens: Why Access Control Matters

As breach costs go up and attackers focus on common web features like dashboards, admin panels, customer portals, and APIs, weak access control quickly leads to lost data, broken trust, and costly incidents. The worst part is that many failures are not rare technical flaws but simple mistakes, such as missing permission checks, roles with […]

Vulnerability & Patch Roundup — January 2026

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Shadow Directories: A Unique Method to Hijack WordPress Permalinks

Last month, while working on a WordPress cleanup case, a customer reached out with a strange complaint: their website looked completely normal to them and their visitors, but Google search results were showing something very different. Instead of normal titles and descriptions, Google was displaying casino and gambling-related content. We have been seeing rising cases […]