Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites […]
Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database […]
Adobe, Mastercard, Visa are warning the owners of the online store running Magento 1.x of updating their installs because it will reach EOL by June 30 Adobe, Mastercard, Visa are warning the owners of online store running Magento 1.x of updating their installs because it will reach the end-of-life (EOL) by June 30 After June […]
Adobe released security updates for Adobe Illustrator, Bridge, and Magento that fix several issues, including multiple remote code execution flaws. Adobe has released security updates that address multiple vulnerabilities in Adobe Illustrator, Bridge, and Magento, including some critical remote code execution flaws. The remote code execution flaws could be exploited by an attacker to execute commands […]
Magento has released version 2.3.4 to address multiple vulnerabilities, some of them are critical code execution issues. Magento version 2.3.4 has addressed several vulnerabilities in its e-commerce platform, come of them are critical code execution issues. The vulnerabilities affect Magento Commerce (2.3.3/2.2.10 and below), Open Source (2.3.3/2.2.10 and below), Enterprise Edition (1.14.4.3 and earlier), and […]
Adobe discloses security breach impacting Magento Marketplace users Adobe discloses a security breach that affected the users of the Magento marketplace website, the incident was discovered last week. Adobe disclosed a security breach that affected the users of the Magento Marketplace portal, the security team discovered the incident on November 21. The Magento Marketplace is […]
Magento addressed flaws that could be exploited by unauthenticated attackers to hijack administrative sessions and completely take over online stores. Magento addressed security vulnerabilities that could be chained by an unauthenticated attacker to hijack administrative sessions and completely take over online stores. The attacker would first exploit a Stored Cross-Site Scripting (XSS) vulnerability to inject […]
Currently of 300,000+ Magento stores, the vast majority of the installs is still running vulnerable versions of the popular content management system. The problem with patches is that sometimes they fix something and sometimes they break something. Sounds strange, right? Well, let us explain ourselves. See, PRODSECBUG-2198 is a security patch for Magento that fixes […]
There is an important news for administrators of e-commerce websites running over the Magento platform, Magento fixed a critical SQL injection flaw. Administrators of Magento e-commerce websites have to update their installations due to the presence of a critical SQL injection vulnerability in the popular CMS. The flaw could have a significant impact considering that […]
Magecart cybercrime gang made the headlines again, the cyber criminal gang is now targeting vulnerable Magento Extensions. Magecart cybercrime gang switches tactic, it is now targeting vulnerable Magento extensions. instead of compromising large websites or third-party services to steal credit card data. In previous campaigns, attackers customize the attack for each victim tailoring the code for each target site according […]