Security News

Hacked Magento Sites Steal Card Data, Spread Malware
2018-04-03 15:37

Cybercriminals are targeting websites running the Magento platform to inject them with code that can steal credit card data and infect visitors with malware, Flashpoint reports. The open-source...

Badmins: Magento shops brute-forced to scrape card deets and install cryptominers
2018-04-01 00:00

Change your passw... ugh, what's the point? Hackers have compromised hundreds of e-commerce sites running the popular open-source Magento platform to scrape credit card numbers and install...

PoC for several Magento vulnerabilities released, update now!
2017-10-05 22:14

DefenseCode has published proof of concept code for two CSRF and stored XSS vulnerabilities affecting a number of versions of the popular e-commerce platform Magento. Magento is an open source...

Magento Patches Critical Vulnerability in eCommerce Platforms
2017-09-15 10:53

Magento this week released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 to address numerous vulnerabilities, including a remote code execution bug rated Critical severity.

Defeating Magento security mechanisms: Attacks used in the real world (Help Net Security)
2017-05-09 20:22

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future...

‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable (Threatpost)
2017-04-13 16:51

A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.

Credit Card Scrapers Continue to Target Magento (Threatpost)
2017-03-13 18:52

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

Magento-based online shops hit with self-healing malware (Help Net Security)
2017-02-17 20:00

Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de Groot. De Groot is the...