SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)
Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236). The bug may hand control of a store to unauthenticated attackers. Automated...| Sansec
Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236). The bug may hand control of a store to unauthenticated attackers. Automated...| Sansec
A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.| Sansec
Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...| Sansec
Sansec found criminals mass-scanning for defunct.dat files which contain GSocket backdoor keys. A quick scan reveals dozens of infected stores.| Sansec
Increasing use of Content Security Policy (CSP) as PCI-DSS 4.0 goes live on April 1st. However, our research shows that most online stores have not enabled C...| Sansec
Simple, integrated & free CSP monitoring for Magento| Sansec
The PCI Security Standards Council (PCI SSC) is pleased to announce the release of a Frequently Asked Question (FAQ), developed in direct response to industry requests for greater clarity on the new eligibility criteria for the recently revised Self-Assessment Questionnaire (SAQ) A.| blog.pcisecuritystandards.org
Browser-based protection can easily be bypassed by the majority of digital skimming attacks.| Sansec
In response to stakeholder feedback regarding the complexity of implementing the new e-commerce security Requirements 6.4.3 and 11.6.1 in PCI Data Security Standard (PCI DSS) v4.0.1, the PCI Security Standards Council (PCI SSC) has announced important modifications for merchants validating to Self-Assessment Questionnaire A (SAQ A).| PCI Perspectives
