Latest Magento news

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks.
- Bill Toulas
- June 20, 2024
- 04:02 PM
- 0
Magento stores targeted in massive surge of TrojanOrders attacks

At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.
- Bill Toulas
- November 16, 2022
- 11:14 AM
- 0
Critical Magento vulnerability targeted in new surge of attacks

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.
- Bill Toulas
- September 22, 2022
- 11:52 AM
- 0
Hackers breach software vendor for Magento supply-chain attacks

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
- Bill Toulas
- September 13, 2022
- 11:21 AM
- 0
Researchers create exploit for critical Magento bug, Adobe updates advisory

Offensive security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday.
- Ionut Ilascu
- February 17, 2022
- 06:24 PM
- 0
CISA tells federal agencies to patch actively exploited Chrome, Magento bugs

The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
- Sergiu Gatlan
- February 15, 2022
- 05:59 PM
- 0
Emergency Magento update fixes zero-day bug exploited in attacks

Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild.
- Ionut Ilascu
- February 14, 2022
- 09:45 AM
- 0
Wave of MageCart attacks target hundreds of outdated Magento sites

Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them.
- Bill Toulas
- February 09, 2022
- 01:24 PM
- 0
UK govt warns thousands of SMBs their online stores were hacked

The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal the payment info of customers.
- Sergiu Gatlan
- November 22, 2021
- 03:05 PM
- 0
Adobe fixes critical preauth vulnerabilities in Magento

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.
- Lawrence Abrams
- August 10, 2021
- 05:08 PM
- 0
Hackers hide credit card data from compromised stores in JPG file

Hackers have come up with a sneaky method to steal payment card data from compromised online stores that reduces the suspicious traffic footprint and helps them evade detection.
- Ionut Ilascu
- March 16, 2021
- 05:22 AM
- 0
Adobe fixes critical Reader vulnerability exploited in the wild

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
- Lawrence Abrams
- February 09, 2021
- 12:30 PM
- 0
Credit card stealing malware bundles backdoor for easy reinstall

An almost impossible to remove malware set to automatically activate on Black Friday was deployed on multiple Magento-powered online stores by threat actors according to researchers at Dutch cyber-security company Sansec.
- Sergiu Gatlan
- December 08, 2020
- 11:35 AM
- 0
Magento stores hit by largest automated hacking attack since 2015

In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards.
- Lawrence Abrams
- September 14, 2020
- 09:35 AM
- 0
Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
- Ionut Ilascu
- September 02, 2020
- 03:33 AM
- 0
Magento gets security updates for severe code execution bugs

Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity.
- Sergiu Gatlan
- July 28, 2020
- 01:31 PM
- 0
Magento adds 2FA to protect against card skimming attacks

Adobe has added two-factor authentication (2FA) throughout the Magento platform in response to the widespread number of attacks where skimmer scripts are deployed on hacked e-commerce sites to steal customers' credit cards.
- Sergiu Gatlan
- July 17, 2020
- 02:15 PM
- 0
Adobe fixes critical vulnerabilities in Magento and Illustrator

Adobe has released security updates for Adobe Illustrator, Bridge, and Magento that fix numerous vulnerabilities, including ones that could allow remote code execution.
- Lawrence Abrams
- April 28, 2020
- 02:29 PM
- 0
Visa urges merchants to migrate e-commerce sites to Magento 2.x

Payments processor Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020 to avoid exposing their stores to Magecart attacks and to remain PCI compliant.
- Sergiu Gatlan
- April 09, 2020
- 11:53 AM
- 1
Magento 2.3.4 Fixes Critical Code Execution Vulnerabilities

Magento today updated its e-commerce software for all supported platforms with fixes for multiple vulnerabilities. Some of them have critical severity and hackers could exploit them to run arbitrary code.
- Ionut Ilascu
- January 28, 2020
- 07:17 PM
- 0