Magento Archives • Daily CyberSecurity

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge

Do Son April 1, 2026

Magento remains a titan in the e-commerce space, currently “estimated to be running on more than 130,000...

The Stealth Skimmer: How Hackers Weaponized WebRTC to Bypass PCI Security and Siphon Credit Cards WebRTC Web Skimming

The Stealth Skimmer: How Hackers Weaponized WebRTC to Bypass PCI Security and Siphon Credit Cards

Do Son March 30, 2026

When we complacently believed that the checkout portals of e-commerce bastions were enveloped in impenetrable armor, the...

PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild

Do Son March 24, 2026

A critical security flaw in the Magento REST API is currently being weaponized by cybercriminals to hijack...

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

Do Son January 30, 2026

A massive wave of cyberattacks has struck the e-commerce world, targeting the widely used Magento platform with...

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE Magento SessionReaper, RCE Exploitation

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE

Do Son October 29, 2025

The Akamai Security Intelligence Group has issued an urgent warning after observing active exploitation in the wild...

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

Do Son September 9, 2025

Adobe has broken from its regular patch schedule to release an emergency fix for CVE-2025-54236, a vulnerability...

Mimo Strikes Magento: New Campaign Shifts to Cryptojacking, Proxyjacking, & Stealthy Persistence Magento Compromise, Cryptojacking

Mimo Strikes Magento: New Campaign Shifts to Cryptojacking, Proxyjacking, & Stealthy Persistence

Do Son July 23, 2025

The once Craft CMS-focused threat actor known as Mimo—or Mimo’lette—has resurfaced with new vigor, broadening its scope...

Massive E-commerce Supply Chain Attack Uncovered: Hundreds of Stores at Risk Supply Chain Attack, E-commerce Security

Massive E-commerce Supply Chain Attack Uncovered: Hundreds of Stores at Risk

Do Son May 6, 2025

The Sansec Forensics Team has uncovered a coordinated supply chain attack that has silently infected ecommerce infrastructure...

ScreamedJungle Campaign Steals Browser Fingerprints from 115+ Sites

Do Son February 23, 2025

A new report from Group-IB exposes a growing cybersecurity threat: browser fingerprint theft. Cybercriminals are using sophisticated...

Magento Credit Card Skimmer Uses Tag to Evade Detection Magento Credit Card Stealer npm package reverse shell

Magento Credit Card Skimmer Uses Tag to Evade Detection

Do Son February 15, 2025

A new MageCart attack targeting Magento-powered eCommerce websites has been uncovered by researchers at Sucuri, revealing a...

Hackers Exploit Google Tag Manager to Steal Credit Card Data from Magento Sites Google Tag Manager Skimmer

Hackers Exploit Google Tag Manager to Steal Credit Card Data from Magento Sites

Do Son February 9, 2025

In a recent incident, a Magento-based eCommerce website fell victim to a sophisticated credit card skimming attack,...

2024 Payment Fraud Report: E-Skimming, Check Fraud, and Threat Actor Sophistication Soar

Do Son January 23, 2025

Cybercriminals are increasingly targeting both physical and digital payment systems, with over 269 million stolen cards and...

GroupGreeting E-Card Platform Compromised in “zqxq” Campaign GroupGreeting e-card - “zqxq” campaign

GroupGreeting E-Card Platform Compromised in “zqxq” Campaign

Do Son January 11, 2025

The popular e-card platform GroupGreeting.com, used by major companies such as Airbnb, Coca-Cola, and eBay, recently fell...

Credit Card Skimmer Malware Uncovered: Targeting Magento Checkout Pages XCharge C6 vulnerabilities EV charger security flaws GNU libtasn1 Vulnerability CVE-2025-13151 Credit Card Skimmer Malware CVE-2024-13892

XCharge C6 vulnerabilities EV charger security flaws GNU libtasn1 Vulnerability CVE-2025-13151 Credit Card Skimmer Malware CVE-2024-13892

Credit Card Skimmer Malware Uncovered: Targeting Magento Checkout Pages

Do Son November 28, 2024

Magento, a leading eCommerce platform, has once again become the target of sophisticated cybercriminal tactics. Security Analyst...

Adobe Issues Critical Security Updates for Commerce and Magento Platforms PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

Adobe Issues Critical Security Updates for Commerce and Magento Platforms

Do Son August 14, 2024

Adobe has released a critical security update for its widely-used e-commerce platforms, Adobe Commerce and Magento Open...

Cybercriminals Exploit Swap Files: New E-commerce Skimming Tactic credit card skimmers

Cybercriminals Exploit Swap Files: New E-commerce Skimming Tactic

Do Son July 20, 2024

Security analysts at Sucuri have uncovered a novel attack technique targeting e-commerce websites, where cybercriminals abuse swap...

CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog

Do Son July 17, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, adding three actively exploited...

CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores

Do Son June 20, 2024

A newly discovered vulnerability dubbed “CosmicSting” (CVE-2024-34102) has sent shockwaves through the e-commerce world, potentially jeopardizing millions...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Magento

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge

The Stealth Skimmer: How Hackers Weaponized WebRTC to Bypass PCI Security and Siphon Credit Cards

PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

Mimo Strikes Magento: New Campaign Shifts to Cryptojacking, Proxyjacking, & Stealthy Persistence

Massive E-commerce Supply Chain Attack Uncovered: Hundreds of Stores at Risk

ScreamedJungle Campaign Steals Browser Fingerprints from 115+ Sites

Magento Credit Card Skimmer Uses Tag to Evade Detection

Hackers Exploit Google Tag Manager to Steal Credit Card Data from Magento Sites

2024 Payment Fraud Report: E-Skimming, Check Fraud, and Threat Actor Sophistication Soar

GroupGreeting E-Card Platform Compromised in “zqxq” Campaign

Credit Card Skimmer Malware Uncovered: Targeting Magento Checkout Pages

Adobe Issues Critical Security Updates for Commerce and Magento Platforms

Cybercriminals Exploit Swap Files: New E-commerce Skimming Tactic

CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog

CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores