Security News

New versions (2.3.1, 2.2.8 and 2.1.17) of the Magento ecommerce platform were released last week with patches for dozens of vulnerabilities, including critical remote code execution and SQL...

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.

SQL Injection Flaw Can Be Exploited Without Authentication, Privileges

If you run a Magento-powered e-commerce site, it's time to patch again. E-commerce sites continued to be targeted by...

If your online e-commerce business is running on the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to...

Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The method is straightforward:...

Magento recently addressed two vulnerabilities that could lead to command execution and local file read, a SCRT security researcher reveals.

Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign.

After compromising large websites or third-party services they use in order to steal credit card information, the Magecart hackers have now turned to vulnerable Magento extensions.

Here’s an overview of some of last week’s most interesting news and articles: How metrics can enhance the effectiveness of security programs Choosing the right metrics, for large and smaller...

A card skimming operation has compromised 7339 Magento-based online stores, allowing the attackers to quietly slurp payment card info as it’s being entered by customers. Flagged in early August by...