Starting April 2025, CSP or similar is required on all payment pages. What to do? We studied CSP so you don't have to 😅| Sansec
Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236). The bug may hand control of a store to unauthenticated attackers. Automated...| Sansec
A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.| Sansec
Multiple vendors were hacked in a coordinated supply chain attack. Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...| Sansec
Sansec found criminals mass-scanning for defunct.dat files which contain GSocket backdoor keys. A quick scan reveals dozens of infected stores.| Sansec
The PCI Security Standards Council (PCI SSC) has introduced a new information supplement: “Payment Page Security and Preventing E-Skimming – Guidance for PCI DSS Requirements 6.4.3 and 11.6.1”. This document provides direction for merchants and service providers implementing controls to protect payment card data during e-commerce transactions.| PCI Perspectives
Simple, integrated & free CSP monitoring for Magento| Sansec
Merchants outraged as PCI-SSC changes compliance criteria just weeks before the new regulation comes into effect.| Sansec