#SansecAdvisory

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

by

June 26, 2024 at 01:01AM Google has blocked ads for e-commerce sites using Polyfill.io due to a supply chain attack. The Chinese company Funnull acquired the domain and altered the JavaScript library to redirect users to malicious sites, impacting over 110,000 sites. Concerns have been raised about the security and maintenance of the library, prompting … Read more

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

by

June 20, 2024 at 05:32PM A critical vulnerability, “CosmicSting” (CVE-2024-34102), affecting Adobe Commerce and Magento websites, poses a major security threat. Despite a security update being available, the majority of impacted sites remain unpatched, leaving them open to severe attacks. Administrators are urged to apply the recommended fixes immediately, with specific versions provided. For those … Read more