MUST READ

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

 | 

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

 | 

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

 | 

Discord discloses third-party breach affecting customer support data

 | 

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

 | 

LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

 | 

Zimbra users targeted in zero-day exploit using iCalendar attachments

 | 

Reading the ENISA Threat Landscape 2025 report

 | 

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

 | 

Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

 | 

U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims

 | 

ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE

 | 

Google warns of Cl0p extortion campaign against Oracle E-Business users

 | 

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

 | 

Allianz Life data breach impacted 1.5 Million people

 | 

Cybercrime group claims to have breached Red Hat 's private GitHub repositories

 | 

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

 | 

Magento

Pierluigi Paganini September 10, 2025
Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. The vulnerability is an improper input validation flaw. “The bug, dubbed […]

Pierluigi Paganini May 05, 2025
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was […]

Pierluigi Paganini February 11, 2025
Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores. Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Google Tag Manager (GTM) is a free tool that lets website owners manage marketing tags without modifying site code, […]

Pierluigi Paganini October 03, 2024
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. The flaw is an Improper Restriction […]

Pierluigi Paganini July 23, 2024
Hackers abused swap files in e-skimming attacks on Magento sites

Threat actors abused swap files in compromised Magento websites to hide credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence and allowing the malware to […]

Pierluigi Paganini April 05, 2024
Magento flaw exploited to deploy persistent backdoor hidden in XML

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720 (CVSS score of 9.1) is an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code […]

Pierluigi Paganini August 14, 2023
Ongoing Xurum attacks target Magento 2 e-stores

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively exploiting a server-side template injection issue, tracked as CVE-2022-24086, (CVSS score: 9.8), in Adobe Commerce and Magento Open Source. The […]

Pierluigi Paganini November 17, 2022
Magento and Adobe Commerce websites under attack

Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands […]

Pierluigi Paganini September 23, 2022
Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw

Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […]

Pierluigi Paganini September 01, 2022
Researchers analyzed a new JavaScript skimmer used by Magecart threat actors

Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

Hacking / October 07, 2025

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

Hacking / October 07, 2025

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

Cyber Crime / October 07, 2025

Discord discloses third-party breach affecting customer support data

Data Breach / October 06, 2025

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

Security / October 06, 2025