Security Articles

Blog posts covering application security, infrastructure hardening, vulnerabilities, and incident response.

Adobe's Isolated Patch Strategy: A Community Response

Adobe's new monthly isolated patch approach for Magento creates maintenance burden. Here's how a community meta-package can help restore sanity to security patching.

Strengthening Magento 2 Security in CI/CD Pipelines with Sansec Ecomscan

Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.

Check if your Magento site is safe from Session Reaper (CVE-2025-54236)

A how-to guide on checking whether your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit, with guidance on how to patch and secure your site if it is not.

How to efficiently patch Magento 2 deployments at scale

Approaches to simply deploying patches across a large inventory of Magento 2 deployments.

Is 100% uptime a bad goal?

Should you aim for 100% uptime across your servers, or instead target fluid infrastructure where short-lived nodes can spawn and die as required?

The Magento 2 Setup Endpoint is leaking your Magento Version

Have you explicitly disabled the Magento 2 setup route in your web server configuration? The vast majority of sites scanned show this route leaking the full Magento version.

Magento Trojan Orders (CVE-2022-24086) - addAfterFilterCallback

Magento 2 Trojan Orders (CVE-2022-24086) are back. Let's talk about how to patch so we are safe, and about other identifiers aside from addAfterFilterCallback.

Blocking TOR exit routes

How do we go about blocking TOR / Onion traffic to our site?

Simple 2 line fix for Polyfill.io Malware in Magento 2

A quick and easy two-line configuration fix for the Polyfill.io Magento 2 malware.

Check if your Magento site is safe from CosmicSting (CVE-2024-34102)

A how-to guide on checking whether your Magento 2 store is safe from the CosmicSting (CVE-2024-34102) exploit, with guidance on how to patch and secure your site if it is not.