Magento 2 Polyshell Vulnerability: Detection and Mitigation Guide
How to guide on checking if your Magento 2 store is safe from the Polyshell vulnerability. And guidance on how to patch and secure your site if it is not.
Security Articles
Blog posts covering application security, infrastructure hardening, vulnerabilities, and incident response.
Adobe's Isolated Patch Strategy: A Community Response
Adobe's new monthly isolated patch approach for Magento creates maintenance burden. Here's how a community meta-package can help restore sanity to security patching.
Strengthening Magento 2 Security in CI/CD Pipelines with Sansec Ecomscan
Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.
Check if your Magento site is safe from Session Reaper (CVE-2025-54236)
How to guide on checking if your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit. And guidance on how to patch and secure your site if it is not.
How to efficiently patch Magento 2 deployments at scale
Approaches to simply deploying patches across a large inventory of Magento 2 deployments
Is 100% uptime a bad goal?
Should you aim for 100% uptime across your servers? Or instead target fluid infrastructure where short lived nodes can spawn and die as required?
The Magento 2 Setup Endpoint is leaking your Magento Version
Have you explicitly disable the Magento 2 setup route in your web server configuration? The vast majority of sites scanned are showing this route as leaking your full Magento Version.
Magento Trojan Orders (CVE-2022-24086) - addAfterFilterCallback
Magento 2 Trojan Orders (CVE-2022-24086) are back, lets talk about how to patch so we are safe. And other identifiers aside from addAfterFilterCallback
Blocking TOR exit routes
How do we go about blocking TOR / Onion traffic to our site?
Simple 2 line fix for Polyfill.io Malware in Magento 2
A quick and easy two line fix configuration fix for the Polyfill.io Magento 2 Malware