Security News

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
2024-10-03 17:19

Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...]

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
2024-10-02 12:13

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as...

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files
2024-07-23 10:12

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
2024-06-26 08:37

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to...

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
2024-06-20 20:02

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. "CosmicSting is the worst bug to hit Magento and Adobe Commerce stores in two years," says Sansec.

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
2024-04-06 09:43

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been...

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
2023-08-14 13:14

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.

Magento shopping cart attack targets critical vulnerability revealed in early 2022
2023-08-11 10:23

Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022. "The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," they said.

Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
2023-06-05 06:29

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information and credit card data from e-commerce websites. "Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager," Akamai security researcher Roman Lvovsky said.

Magento stores targeted in massive surge of TrojanOrders attacks
2022-11-16 16:14

At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers. Website security firm Sansec warned that almost 40% of Magento 2 websites are being targeted by the attacks, with hacking groups fighting each other over control of an infected site.