The New Pace of Maintenance
You’ve been hearing from us more than usual lately. Security patches and server reboots have been the main topic. Here’s why, and what we’re doing about it.
The drumbeat has gotten louder
For the past six months, security patches have been arriving faster and with less warning than before. What was once a steady, manageable rhythm has started feeling more like a fire drill. We wanted to explain what’s driving that and what it means for you.
The short version: your site is safe and we are keeping it that way. If you want to know the whys and the hows, keep reading.
Three things that need patching, all at once
A website runs on several layers of software stacked on top of each other – kind of like the plumbing, wiring, and structure of a building. You don’t think about any of it until something needs fixing. Lately, all three layers have needed fixing at the same time.
The control panel (cPanel). Some of the sites we manage live on servers that use cPanel, a tool that hosting companies use to manage many websites from one dashboard: email, databases, user accounts, and more. In late April, cPanel disclosed a flaw that let attackers skip the login screen entirely and walk straight in with no password required. The severity score was 9.8 out of 10. Federal agencies were given one week to patch. We patched our cPanel servers immediately.
The web server (Apache). This is the software that hands pages to people’s web browsers. Apache runs underneath cPanel, and it also runs on our directly managed servers. In May, a flaw was found in how Apache handles modern web connections that could let an attacker crash a server or, under the right conditions, run their own code on it. We updated and restarted.
The operating system (Linux). Every server we run, cPanel or otherwise, is built on Linux. In late April, a flaw called “Copy Fail” was disclosed that had been quietly sitting undetected in Linux since 2017. Someone who already had a basic login for the server could use it to gain full administrative control. A ready-to-use exploit was published the same day the flaw was announced, which is unusual. The fix required a reboot.
Three separate patches across three layers in a matter of days, all requiring urgent action.
Why is this all speeding up?
Security researchers are now using AI tools to find flaws in software much faster than before. That’s genuinely good and bad at the same time.
Good: researchers working on your side can find problems before attackers do, patch them quietly, and move on.
Bad: attackers have the same tools. In May 2026, Google’s Threat Intelligence Group published a report describing the first publicly confirmed case of an exploit built with AI assistance: a working attack designed to bypass two-factor authentication, developed by a known cybercrime group. Google caught it before it was used at scale. But the takeaway is that what used to take weeks of careful work can now take hours.
Alan Dixon, a well-known developer in the CiviCRM community, wrote about this moment as a genuine turning point for internet security. His post is worth a read. We agree with his take: the pace of early 2026 doesn’t feel like a blip.
What we’re doing about it
None of this requires action from you. That’s what we’re here for.
For clients on our Managed Updates service, this work happens in the background. We track the patches, apply them, verify they landed, and confirm everything came back up cleanly. That work has gotten heavier over the past six months, and we expect it to keep growing. But that’s a challenge we are prepared to meet.
One change you may notice: we’re going to be more proactive about letting you know when we need to reboot a server. The reboots are quick; our servers are typically back online in under two minutes. But we’d rather you hear it from us in advance than wonder why your site blinked.
Although the security work behind your website has gotten more demanding, we’re on it. You don’t need to do anything differently, but if you ever have questions about what we’re patching or why, we’re always happy to walk you through it.
