Security News

Critical Magento vulnerability targeted in new surge of attacks
2022-09-22 15:52

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites. According to a report published by Sansec today, we have reached that stage, with the critical template vulnerability becoming a favorite in the hacker underground.

Attackers mount Magento supply chain attack by compromising FishPig extensions
2022-09-14 13:01

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers compromised the FishPig extensions.

Hackers breach software vendor for Magento supply-chain attacks
2022-09-13 15:21

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms
2022-02-18 22:09

Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. "We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them," the company said in a revised bulletin.

Adobe warns of second critical security hole in Adobe Commerce, Magento
2022-02-18 19:20

Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product - and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one. It's tracked as ​​CVE-2022-24087 and - like the earlier vuln, CVE-2022-24086 - impacts both Magento Open Source and Adobe Commerce.

New Critical RCE Bug Found in Adobe Commerce, Magento
2022-02-18 16:55

Another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency patch last weekend. The new flaw, detailed on Thursday, has the same level of severity assigned to its predecessor, which Adobe patched on Feb. 13.

Researchers create exploit for critical Magento bug, Adobe updates advisory
2022-02-17 23:24

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday. The vulnerability, which Adobe saw being "Exploited in the wild in very limited attacks," received a severity score of 9.8 out of 10 and adversaries exploiting it can achieve remote code execution on affected systems without the need to authenticate.

CISA tells federal agencies to patch actively exploited Chrome, Magento bugs
2022-02-15 22:59

The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.

CISA tells agencies to patch actively exploited Chrome, Magento bugs
2022-02-15 22:59

The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
2022-02-14 20:08

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.