e-commerce security Archives • Daily CyberSecurity

Shopper Laravel Flaw Exploit Sparks Urgent E-Commerce Security Warning Shopper Laravel flaw Shopper Laravel flaw exploit

Shopper Laravel Flaw Exploit Sparks Urgent E-Commerce Security Warning

Do Son June 8, 2026

Understanding the E-Commerce Admin Panel Threat A severe Shopper Laravel flaw threatens online stores using the popular...

Cache Warmer RCE Flaw Patched in Magento Extension MBS Universal Gateway flaws stack buffer overflow bugs SystemLink authentication bypass privilege escalation bug Cache Warmer RCE flaw Magento PHP object injection

MBS Universal Gateway flaws stack buffer overflow bugs SystemLink authentication bypass privilege escalation bug Cache Warmer RCE flaw Magento PHP object injection

Cache Warmer RCE Flaw Patched in Magento Extension

Do Son June 1, 2026

A critical security vulnerability now threatens thousands of e-commerce storefronts globally. Specifically, security researchers uncovered a severe...

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form PrestaShop XSS Vulnerability CVE-2026-44212

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form

Do Son May 12, 2026

PrestaShop, the global open-source e-commerce powerhouse known for its highly customizable PHP architecture and responsive design, has...

Critical 9.1 SQL Injection Threatens Vendure Core Stores Vendure SQL Injection Shop API Vulnerability

Critical 9.1 SQL Injection Threatens Vendure Core Stores

Do Son April 15, 2026

Vendure Core, the open-source engine powering the enterprise commerce platform Vendure, has recently addressed a high-severity security...

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge

Do Son April 1, 2026

Magento remains a titan in the e-commerce space, currently “estimated to be running on more than 130,000...

The Stealth Skimmer: How Hackers Weaponized WebRTC to Bypass PCI Security and Siphon Credit Cards WebRTC Web Skimming

The Stealth Skimmer: How Hackers Weaponized WebRTC to Bypass PCI Security and Siphon Credit Cards

Do Son March 30, 2026

When we complacently believed that the checkout portals of e-commerce bastions were enveloped in impenetrable armor, the...

PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild

Do Son March 24, 2026

A critical security flaw in the Magento REST API is currently being weaponized by cybercriminals to hijack...

CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores EverShop Vulnerability Second-Order SQL Injection

CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores

Do Son February 12, 2026

A critical vulnerability has been discovered in EverShop, a modern, developer-focused e-commerce platform built on React and...

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

Do Son January 30, 2026

A massive wave of cyberattacks has struck the e-commerce world, targeting the widely used Magento platform with...

“Magecart” Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks Magecart Campaign Fake Stripe Payment Form

“Magecart” Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks

Do Son January 15, 2026

A vast and persistent web-skimming campaign has been unearthed, targeting the checkout pages of online retailers to...

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes CVE-2023-39526 PrestaShop

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes

Do Son January 5, 2026

A critical vulnerability in the widely used PrestaShop e-commerce platform has been analyzed by vulnerability researcher Ananda...

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE Magento SessionReaper, RCE Exploitation

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE

Do Son October 29, 2025

The Akamai Security Intelligence Group has issued an urgent warning after observing active exploitation in the wild...

Magecart Attack Uncovered: Obfuscated JavaScript Steals Credit Card Data WordPress Backdoor

Magecart Attack Uncovered: Obfuscated JavaScript Steals Credit Card Data

Do Son April 22, 2025

The Yarix Incident Response Team has uncovered a sophisticated web skimming operation that weaponized obfuscated JavaScript to...

Fake Font Domain Used in Credit Card Skimming Attack WordPress Backdoor

Fake Font Domain Used in Credit Card Skimming Attack

Do Son April 15, 2025

A recent investigation by Sucuri revealed a sophisticated credit card skimming attack on a WordPress website. The...

Critical Alert 1 Active Exploit Detected Today