October 3, 2024 at 01:20PM Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, leading to approximately 5% of stores being hacked. Vulnerability CVE-2024-32102 enables remote code execution and impacts various Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores, with upcoming attacks projected due to slow patching response. Multiple threat … Read more
September 10, 2024 at 12:31PM Wix.com will stop providing services to Russian users on September 12, 2024, blocking all accounts and taking down websites to adhere to new regulations. This affects free and premium users in Russia. Impacted users are advised to transfer their domain or apply for an exemption if they reside in Russia … Read more
September 6, 2024 at 04:06PM Russia-based attackers injected data-stealing JavaScript into Cisco’s online store, exploiting an Adobe Magento flaw. Cisco has fixed the issue and addressed the security concern, assuring that only a limited number of users were affected and no credentials were compromised. The attackers exploited a critical vulnerability, and the malicious JS code … Read more
August 1, 2024 at 03:12AM Facebook users are being targeted by a scam e-commerce network using fake websites to steal personal and financial data through malvertising. The campaign, known as ERIAKOS, targets mobile users with ad lures on Facebook, impersonating well-known brands. Similar criminal networks have been identified, indicating a growing trend in online fraud … Read more
July 7, 2024 at 11:29AM Shopify denies data breach following a threat actor’s sale of alleged customer data stolen from its network. The company attributes the data loss to a third-party app and expects the app developer to notify affected customers. The threat actor, ‘888,’ has a history of selling or leaking data from various … Read more
May 17, 2024 at 05:54AM C/side, a cybersecurity startup, has raised $1.7 million in pre-seed funding led by Scribble Ventures and angel investors. The company offers tools to monitor and secure third-party scripts in browsers, with AI for autonomous detection. C/side plans to use the funding to accelerate product development and expand its partner programs … Read more
April 12, 2024 at 01:57AM Cybersecurity researchers have uncovered a credit card skimmer camouflaged in a fake Meta Pixel tracker script to evade detection. The malware is injected into websites through tools like WordPress plugins and Magento admin panel, allowing the injection of malicious JavaScript. Sites using WordPress and Magento are at risk of another … Read more
April 6, 2024 at 06:33AM Threat actors exploit a critical flaw in Magento, using CVE-2024-20720 to inject a backdoor for arbitrary code execution. The attack involves using Magento layout parser and beberlei/assert package to execute system commands via sed. Russian government has charged six individuals for using skimmer malware to steal credit card information from … Read more
January 22, 2024 at 03:31PM A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning … Read more
December 18, 2023 at 01:59PM VF Corporation, a Colorado-based global apparel firm with 13 brands, including Supreme and The North Face, experienced a cyberattack on December 13, 2023, causing operational disruptions. The company is working to restore IT systems and minimize impact on retail and e-commerce operations, but the full extent and impact of the … Read more