Latest Post
Magento 2 Polyshell RCE: Technical Breakdown, PoC & Patch Guide
Deep dive into the Magento 2 Polyshell remote code execution vulnerability — how it works, how to test if you're affected, and how to apply the patch.
Writing
Resources and insights on Magento Cloud, including deployments, environments, performance, and operational challenges.
Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.
How-to guide on checking whether your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit, with guidance on how to patch and secure your site if it is not.
Magento 2 Trojan Orders (CVE-2022-24086) are back; let's talk about how to patch so we are safe, and about other identifiers aside from addAfterFilterCallback.
Free validator tool to check if your Magento 2 store is vulnerable to CosmicSting (CVE-2024-34102) — 6,500+ stores tested, 2,300+ found vulnerable. Step-by-step patching guide included.
A simplified version of the magento-vars.php store code configuration that catches both CNAME aliases and dynamic integration URLs.