SecurityWeek
Magento Vulnerability Increasingly Exploited to Hack Online Stores
Sansec warns of a surge in TrojanOrder attacks targeting Magento and Adobe Commerce stores that have not been patched against CVE-2022-24086.
Security Affairs
Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw
Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […]
Security Affairs
Magento and Adobe Commerce websites under attack
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands […]
Security Affairs
Threat actors compromised +500 Magento-based e-stores with e-skimmers
Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. Threat actors behind this campaign deployed a digital skimmer that was being loaded from the naturalfreshmall(.)com domain. […]
Bleeping Computer
Over 12% of analyzed online stores expose private data, backups
Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners.
Bleeping Computer
Magento stores targeted in massive surge of TrojanOrders attacks
At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.
Bleeping Computer
Critical Magento vulnerability targeted in new surge of attacks
Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.
Bleeping Computer
Emergency Magento update fixes zero-day bug exploited in attacks
Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild.
DarkReading
Magecart Attackers Pioneer Persistent E-Commerce Backdoor
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
SecurityWeek
Magento Vulnerability Exploited to Deploy Persistent Backdoor
Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites.
Security Affairs
Magento flaw exploited to deploy persistent backdoor hidden in XML
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores.
Ars Technica
Hundreds of e-commerce sites booby-trapped with payment card-skimming malware
Magecart hackers strike again.
Ars Technica
Breach of software maker used to backdoor as many as 200,000 servers
Hack of FishPig distribution server used to install Rekoobe on customer systems.
Bleeping Computer
Wave of MageCart attacks target hundreds of outdated Magento sites
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them.
ThreatPost
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
SecurityWeek
Malware Infects Magento-Powered Stores via FishPig Distribution Server
Online Magento stores running Fishpig software have been infected with malware after the FishPig distribution server was compromised.
ZDNet
Adobe urges customers to upgrade after 500 stores breached through Magento platform | ZDNet
Adobe ended support for the Magento 1 e-commerce platform in 2020 but hundreds of companies still use it.
SecurityWeek
Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
Adobe’s February 2022 patch for a critical mail template vulnerability in Adobe Commerce and Magento stores is being actively bypassed by vendors for compatibility purposes.
SecurityWeek
Web Skimmer Injected Into Hundreds of Magento-Powered Stores
More than 500 online stores running the Magento 1 eCommerce platform were compromised with a digital skimmer
DataBreaches
Action against digital skimming reveals 443 compromised online merchants
Europol, law enforcement authorities from 17 countries and the European Union Agency for Cybersecurity (ENISA) have joined forces with the private sector...
DataBreaches
Wave of MageCart attacks target hundreds of outdated Magento sites
Bill Toulas reports: Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain...
Cyber Security News
Magento Vulnerability Let Attackers Inject Backdoor On E-commerce Websites
A sophisticated vulnerability within the Magento ecommerce platform has been unveiled, posing a significant threat to
Bleeping Computer
Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
CyberScoop
For Magecart groups and other credit-card skimmers, old and new opportunities abound
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
Bleeping Computer
North Korean hackers adapt web skimming for stealing Bitcoin
Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.
CyberNews
Europol warns 443 shops of digital card skimming
Online vendors are frequently unaware that cybercriminals can abuse their systems to defraud shoppers.
The Hacker News
Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
Adobe has released patches for a vulnerability in its Commerce and Magento open-source products that the company says is being actively exploited in
Security Affairs
Critical Magento zero-day flaw CVE-2022-24086 actively exploited
Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086, affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. “Adobe is aware that CVE-2022-24086 has […]
Security Affairs
Europol and ENISA spotted 443 e-stores compromised with digital skimming
A joint law enforcement operation led by Europol and the ENISA identified 443 online shops compromised with web skimming.
The Hacker News
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Exploit alert for Magento users! A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites.
The Hacker News
Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability
Hackers have attempted to exploit a critical zero-day vulnerability in the #WordPress plugin WPGateway to attack more than 280,000 websites.
Latest Hacking News
Adobe Warns Users Of A Critical Magento Zero-Day Under Attack
Exploiting the zero-day allows code execution on target Magento stores. Adobe patched the flaw while confirming active exploitation attempts.
Latest Hacking News
CronRAT Linux Malware Abuses A Non-Standard Date To Evade Detection
CronRAT malware hides in the Linux cron system and schedules task for February 31 to escape detection. Also facilitates Magecart attacks.
Bleeping Computer
Europol warns 443 online shops infected with credit card stealers
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
ZDNet
CISA adds vulnerabilities in Adobe Magento, Google Chrome and Internet Explorer to catalog | ZDNet
Two of the vulnerabilities have a remediation date of March 1.
Bleeping Computer
CISA tells agencies to patch actively exploited Chrome, Magento bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
The Hacker News
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
New Magecart campaign is using fake payment screens that look more authentic than the original pages to capture sensitive data of unsuspecting users
Bleeping Computer
CISA tells federal agencies to patch actively exploited Chrome, Magento bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
The Record
Europol identifies hundreds of e-commerce platforms used in digital skimming attacks
A two-month investigation led by authorities in Greece found 443 online sellers being targeted by digital credit card skimming attacks.
The Record
Web skimmers hit 300+ sites hidden inside Google Tag Manager containers
Threat actors have abused a legitimate feature of the Google Tag Manager service to secretly add and deploy malicious JavaScript code to more than 300 e-commerce stores since March this year.