20 Jun, 2026

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains – googletagmanager.com and api.stripe.com – that are trusted implicitly by online stores. The new malware family was discovered by researchers at […]

3 mins read

Škoda warns of customer data breach after online shop hack

Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. The 130-year-old Czech car maker has over 34,000 employees and reported sales of more than €27 billion and a profit of nearly €2 […]

3 mins read

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in Commerce Cloud and S/4HANA. Commerce Cloud is an enterprise-grade e-commerce platform used by online stores owned by large retailers and global brands, while S/4HANA is a cloud-based Enterprise Resource Planning (ERP) suite that will replace the company’s […]

2 mins read

Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data. The campaign was discovered by eCommerce security company Sansec, whose researchers believe […]

2 mins read

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. There are no signs of the issue being actively exploited in the wild, but eCommerce security company Sansec warns that “the exploit method is circulating already” and expects automated attacks […]

2 mins read

European DIY chain ManoMano data breach impacts 38 million customers

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider. The company confirmed to GeekFeed that it learned of the hack in January 2026. An investigation into the incident determined that 38 million individuals are affected. “We can confirm that ManoMano has recently notified […]

2 mins read

Hackers exploiting critical “SessionReaper” flaw in Adobe Magento

Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted by e-commerce security firm Sansec, whose researchers previously described SessionReaper as one of the most severe security bugs in the history of the product. Adobe warned about CVE-2025-54236 on September 8, saying that it is […]

2 mins read

Click Profit blocked by the FTC over alleged e-commerce scams

The US Federal Trade Commission (FTC) has taken action against the “Click Profit” business opportunity platform for allegedly earning $14 million while deceiving consumers with false promises of guaranteed passive income through online stores. Click Profit is an online business platform promoted on social media and through websites that claims to help consumers generate passive income […]

3 mins read

Hackers steal ZAGG customer’s credit cards in third-party breach

ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce. ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an […]

2 mins read

Over a thousand online shops hacked to show fake product listings

A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping […]

3 mins read