Magento
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. According to eCommerce security company Sansec, hackers started exploiting the critical PolyShell issue en masse last week, just two days after public disclosure. “Mass exploitation of PolyShell started on March 19th, and […]
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. There are no signs of the issue being actively exploited in the wild, but eCommerce security company Sansec warns that “the exploit method is circulating already” and expects automated attacks […]
Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted by e-commerce security firm Sansec, whose researchers previously described SessionReaper as one of the most severe security bugs in the history of the product. Adobe warned about CVE-2025-54236 on September 8, saying that it is […]
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of ” the most severe” flaws in the history of the product. Today, the software company released a patch for the security issue that could be exploited without authentication to take control of […]
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025. “Multiple vendors were […]
Casio UK online store hacked to steal customer credit cards
Casio UK’s e-shop at casio.co.uk was hacked to include malicious scripts that stole credit card and customer information between January 14 and 24, 2025. Any customers who made purchases between those dates may have had their personal details and credit card data stolen by hackers. The incident was discovered by JSCrambler, who notified Casio on January 28. The […]
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
Adobe Commerce and Magento online stores are being targeted in “CosmicSting” attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-34102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve remote code execution on the […]