Security News > 2024 > October > Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
2024-10-02 12:13
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
News URL
https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-34102 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. | 0.0 |