April 5, 2024 at 07:06AM Sansec reports exploitation of CVE-2024-20720 in Magento, allowing backdoor injection. Adobe patched it in Feb 2024, but unpatched websites remain vulnerable. Threat actors exploit by injecting XML code. Attackers use layout parser and assert package for system command execution. Backdoor is periodically reinfected for remote code execution and payment data … Read more
April 2, 2024 at 11:43AM Russia’s Prosecutor General’s Office has indicted six men for card skimming crimes, involving using malware to steal payment card information from foreign online stores. The suspects are accused of bypassing website security, accessing databases, and selling the stolen card details on the dark web. Authorities advise using digital payment methods … Read more
January 23, 2024 at 10:49AM Retailers in the Middle East and Africa are increasingly targeted by web-skimming attacks, with a recent discovery of such an attack on the Khaadi clothing retail site. Despite the region accounting for a small portion of consumer victims, the threat persists. As web-skimming attacks become more sophisticated, enhanced security measures … Read more
December 28, 2023 at 11:21AM Apache OFBiz, utilized for business operations, contains a critical pre-authentication remote code execution vulnerability, CVE-2023-49070, actively being exploited. A patch to resolve the issue was found incomplete, resulting in the discovered bypass flaw, CVE-2023-51467. The urgency for users to upgrade to version 18.12.11 is emphasized due to the risk of … Read more