Big names among thousands infected by payment-card-stealing CosmicSting crooks

October 3, 2024 at 11:49PM Numerous well-known brands’ web stores, including Ray-Ban and National Geographic, were targeted by criminals using the CosmicSting flaw in Adobe’s Commerce and Magento software. The vulnerability, CVE-2024-34102, allowed stolen shopper payment card information. At least seven cybercrime gangs exploited the flaw, despite Adobe’s patch. Multiple groups are fighting for control … Read more

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

September 4, 2024 at 11:53AM Cisco’s online merchandise store is currently offline and undergoing maintenance due to a compromise with malicious JavaScript code that steals sensitive customer details during the checkout process. The attack appears to be a CosmicSting vulnerability, affecting the store’s ability to process transactions and potentially compromising customer data. Cisco has not … Read more

Shopping platform PandaBuy data leak impacts 1.3 million users

April 1, 2024 at 11:05AM Data of over 1.3 million PandaBuy customers has been leaked due to vulnerability exploitation, reportedly by two threat actors. The leaked information includes user IDs, names, contact details, order information, and more. It has been confirmed that leaked emails are valid and originate from PandaBuy. The company has not publicly … Read more

Europol warns 443 online shops infected with credit card stealers

December 22, 2023 at 09:55AM Europol has identified over 400 hacked websites with malicious scripts stealing debit and credit card details from online shoppers. A coordinated international operation involving 17 countries and private entities has uncovered 23 families of JavaScript sniffers. Online merchants are advised to be vigilant and consult Europol’s guide on digital skimming. … Read more