October 3, 2024 at 01:20PM Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, leading to approximately 5% of stores being hacked. Vulnerability CVE-2024-32102 enables remote code execution and impacts various Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores, with upcoming attacks projected due to slow patching response. Multiple threat … Read more
October 2, 2024 at 09:03AM Cybersecurity researchers have revealed that 5% of Adobe Commerce and Magento stores were hacked using a vulnerability named CosmicSting (CVE-2024-34102), allowing remote code execution. The flaw was patched by Adobe in June 2024 but is being widely exploited. Several companies have been affected, with various groups utilizing the exploit for … Read more
July 5, 2024 at 01:06AM A supply chain attack on the widely-used Polyfill[.]io JavaScript library has affected over 380,000 hosts, including prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson. The attack involved code modifications redirecting users to adult and gambling websites. The incident led to domain suspensions, content delivery network actions, and warnings of broader … Read more
April 6, 2024 at 06:33AM Threat actors exploit a critical flaw in Magento, using CVE-2024-20720 to inject a backdoor for arbitrary code execution. The attack involves using Magento layout parser and beberlei/assert package to execute system commands via sed. Russian government has charged six individuals for using skimmer malware to steal credit card information from … Read more