Bleeping Computer

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
Bleeping Computer

Magento adds 2FA to protect against card skimming attacks

Adobe has added two-factor authentication (2FA) throughout the Magento platform in response to the widespread number of attacks where skimmer scripts are deployed on hacked e-commerce sites to steal ...
Threat Post

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Researchers have disclosed two flaws that could enable remote code execution attacks ...
Threat Post

‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable

A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk. A popular version of the open source Magento ...
ZDNet

Adobe urges customers to upgrade after 500 stores breached through Magento platform

Adobe urged customers using the Magento 1 e-commerce platform to upgrade to the latest version of Adobe Commerce after security company Sansec detected a mass breach of over 500 stores running the ...
Searchenginejournal.com

Magento Critical Vulnerabilities Announced by Adobe

Adobe announced it has released a patch for Magento 2 in order to fix multiple critical vulnerabilities. Some of the vulnerabilities could allow attackers to take over administrator sessions as well ...