Please turn on your JavaScript for this page to function normally.
Magento
Magento sites under attack through easily exploitable SQLi flaw

A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t …

Magento
Most Magento shops get compromised via vulnerable extensions

Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The …

payment card
Card skimming malware found on thousands of Magento-based sites

A card skimming operation has compromised 7,339 Magento-based online stores, allowing the attackers to quietly slurp payment card info as it’s being entered by …

hand
The Wild West of drive-by cryptocurrency mining

As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …

Magento
PoC for several Magento vulnerabilities released, update now!

DefenseCode has published proof of concept code for two CSRF and stored XSS vulnerabilities affecting a number of versions of the popular e-commerce platform Magento. Magento …

Magento
Defeating Magento security mechanisms: Attacks used in the real world

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in …

biohazard
Magento-based online shops hit with self-healing malware

Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de …

bomb
6000+ compromised online shops – and counting

A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates …

online shop owned
100+ online shops compromised with payment data-stealing code

Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates …

danger
The gravest dangers for CMS-based websites

Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. This makes the life of …

Magento
Year-old critical Magento flaw still exploited, payment info stolen

A whole year has passed since a critical e-shop hijacking flaw in the Magento CMS has been patched, but the vulnerability is still being exploited in attacks in the wild, …

Magento
Magento plugs XSS holes that can lead to e-store hijacking, patch immediately!

Last week, Magento released a very important bundle of patches for their eponymous e-commerce platform that should be implemented as soon as possible. The bundle plugs a …

Don't miss

Cybersecurity news