September 6, 2024 at 04:06PM Russia-based attackers injected data-stealing JavaScript into Cisco’s online store, exploiting an Adobe Magento flaw. Cisco has fixed the issue and addressed the security concern, assuring that only a limited number of users were affected and no credentials were compromised. The attackers exploited a critical vulnerability, and the malicious JS code … Read more
April 5, 2024 at 01:24PM Magecart attackers have devised a new method of implanting persistent backdoors in e-commerce websites to automatically deploy malware. They exploit a critical command injection vulnerability in the Adobe Magento e-commerce platform to execute arbitrary code, using a layout template to inject malware into compromised sites. Upgrading to specific versions of … Read more
December 22, 2023 at 12:42PM A rogue WordPress plugin discovered by threat hunters poses a Magecart campaign threat, creating bogus admin users and injecting malicious code to steal credit card data. The plugin hides in the mu-plugins directory and enables sustained access to the target. This revelation comes amid growing concerns about digital skimming and … Read more
December 20, 2023 at 05:57AM Chinese-speaking threat actors, known as Smishing Triad, have impersonated the UAE Federal Authority for Identity and Citizenship to send malicious SMS messages aimed at gathering sensitive information. They utilize URL-shortening services and fake websites. The group also offers smishing kits for sale and engages in Magecart-style attacks. Another disclosure involves … Read more
October 11, 2023 at 12:53PM Cybercriminal groups behind the Magecart payment-card theft campaigns have developed a new technique to hide their credit card skimming code. They have started hiding JavaScript code in a comment on a targeted website’s 404 error page. By modifying other pages on the site to include a call to a nonexistent … Read more
October 10, 2023 at 08:24AM Akamai’s security researchers have discovered a new Magecart web skimming campaign that incorporates three concealment techniques. One technique involves hiding malicious code in the targeted website’s ‘404’ error page. The campaign, which targets large organizations in the food and retail sectors, follows the typical Magecart pattern of exploiting vulnerabilities, injecting … Read more