On May 27th 2024, an exploit for a critical security flaw in Linux (CVE-2024-2961) was made public, which makes it easier to hack into popular PHP applications. We believe we will soon see specific ecommerce attacks using this technique, so we recommend verifying that your infrastructure is up to date.| Sansec
Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236). The bug may hand control of a store to unauthenticated attackers. Automated...| Sansec
A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.| Sansec
Multiple vendors were hacked in a coordinated supply chain attack. Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...| Sansec
Sansec found criminals mass-scanning for defunct.dat files which contain GSocket backdoor keys. A quick scan reveals dozens of infected stores.| Sansec
Increasing use of Content Security Policy (CSP) as PCI-DSS 4.0 goes live on April 1st. However, our research shows that most online stores have not enabled C...| Sansec