SecurityWeek
Magento Vulnerability Increasingly Exploited to Hack Online Stores
Sansec warns of a surge in TrojanOrder attacks targeting Magento and Adobe Commerce stores that have not been patched against CVE-2022-24086.
Security Affairs
Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […]
Security Affairs
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands […]
Security Affairs
Experts uncovered a mass Magecart campaign that compromised over 500 e-stores running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. Threat actors behind this campaign deployed a digital skimmer that was being loaded from the naturalfreshmall(.)com domain. […]
Bleeping Computer
Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners.
Bleeping Computer
At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.
Bleeping Computer
Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.
Bleeping Computer
Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild.
DarkReading
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
SecurityWeek
Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites.
Security Affairs
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores.
Ars Technica
Magecart hackers strike again.
Ars Technica
Hack of FishPig distribution server used to install Rekoobe on customer systems.
Bleeping Computer
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them.
ThreatPost
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
SecurityWeek
Online Magento stores running Fishpig software have been infected with malware after the FishPig distribution server was compromised.
ZDNet
Adobe ended support for the Magento 1 e-commerce platform in 2020 but hundreds of companies still use it.
SecurityWeek
Adobe’s February 2022 patch for a critical mail template vulnerability in Adobe Commerce and Magento stores is being actively bypassed by vendors for compatibility purposes.
SecurityWeek
More than 500 online stores running the Magento 1 eCommerce platform were compromised with a digital skimmer.
DataBreaches
Europol, law enforcement authorities from 17 countries and the European Union Agency for Cybersecurity (ENISA) have joined forces with the private sector...
DataBreaches
Bill Toulas reports: Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain...
Cyber Security News
A sophisticated vulnerability within the Magento ecommerce platform has been unveiled, posing a significant threat to
Bleeping Computer
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
CyberScoop
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
Bleeping Computer
Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.
CyberNews
Online vendors are frequently unaware that cybercriminals can abuse their systems to defraud shoppers.
The Hacker News
Adobe has released patches for a vulnerability in its Commerce and Magento open-source products that the company says is being actively exploited in
Security Affairs
Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086, affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. “Adobe is aware that CVE-2022-24086 has […]
Security Affairs
A joint law enforcement operation led by Europol and the ENISA identified 443 online shops compromised with web skimming.
The Hacker News
Exploit alert for Magento users! A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites.
The Hacker News
Hackers have attempted to exploit a critical zero-day vulnerability in the #WordPress plugin WPGateway to attack more than 280,000 websites.
Latest Hacking News
Exploiting the zero-day allows code execution on target Magento stores. Adobe patched the flaw while confirming active exploitation attempts.
Latest Hacking News
CronRAT malware hides in the Linux cron system and schedules tasks for February 31 to escape detection. Also facilitates Magecart attacks.
Bleeping Computer
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
ZDNet
Two of the vulnerabilities have a remediation date of March 1.
Bleeping Computer
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
The Hacker News
New Magecart campaign is using fake payment screens that look more authentic than the original pages to capture sensitive data of unsuspecting users
The Record
A two-month investigation led by authorities in Greece found 443 online sellers being targeted by digital credit card skimming attacks.
The Record
Threat actors have abused a legitimate feature of the Google Tag Manager service to secretly add and deploy malicious JavaScript code to more than 300 e-commerce stores since March this year.