Latest Post
Magento Trojan Orders (CVE-2022-24086) - addAfterFilterCallback
Magento 2 Trojan Orders (CVE-2022-24086) are back, lets talk about how to patch so we are safe. And other identifiers aside from addAfterFilterCallback
Writing
Security Articles – Page 2
Blog posts covering application security, infrastructure hardening, vulnerabilities, and incident response.
All posts Security(17) Magento 2(34) DevOps(23) AI Development(1) Infrastructure(3) Performance(3) Ramblings(3)
Blocking TOR exit routes
How do we go about blocking TOR / Onion traffic to our site?
Simple 2 line fix for Polyfill.io Malware in Magento 2
A quick and easy two line fix configuration fix for the Polyfill.io Magento 2 Malware
CosmicSting (CVE-2024-34102): Check and Patch Your Magento Store
Free validator tool to check if your Magento 2 store is vulnerable to CosmicSting (CVE-2024-34102) — 6,500+ stores tested, 2,300+ found vulnerable. Step-by-step patching guide included.
Analyzing a real Magento 2 Stripe CC Scraper Malware Sample
Analyzing Magento 2 Malware used to Scrape Stripe credit card credentials. Injected via the shipping policy in the core_config_data DB table.
Magento 2 Malware Scanning with Sansec Ecomscan - CLI, Automation & Bulk Scans
How to setup and configure Malware scanning with Sansec Ecomscan for a single Magento 2 site or in bulk with Ansible