Blog / Security

I recently discovered an unused URL on a client’s Shopify store: /collections/vendors, which can be a huge security issue. This URL path exists on every Shopify website, takes a query string parameter (?q=), and allows content, such as titles and page details, to be overwritten. Read more

A new Magecart-style exploit is doing its rounds and affecting multiple ecommerce platforms to steal credit card information and infect other sites. This attack is particularly difficult to identify because the code dropped onto the website is encoded and sometimes masked as a Google Tag or a Facebook Pixel code. Read more