The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...
Hosted on MSN

Adobe patches 'most severe' flaw in Magento eCommerce platform

Adobe patched a critical Web API flaw in Commerce and Magento The bug, dubbed SessionReaper, scored 9.1/10 and affects multiple versions Researchers warn the leaked hotfix may aid attackers Adobe has ...
SecurityWeek

Thousands of Magento Sites Hit in Ongoing Defacement Campaign

Over 7,500 Magento sites, including major brands and government services, were hit in an ongoing mass-defacement campaign.
Hosted on MSN

Hundreds of Adobe Magento stores hit after critical security flaw found - here's what we know

CVE-2025-54236 is actively exploited to hijack accounts via Magento’s REST API Over 250 attacks in 24 hours; most stores remain unpatched six weeks after fix Attackers upload PHP backdoors using fake ...
TechRadar

Hundreds of Adobe Magento stores hit after critical security flaw found - here's what we know

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. CVE-2025-54236 is actively exploited to hijack accounts via Magento’s REST API Over 250 attacks ...