Sansec BV
@sans.ec
experts in eCommerce security -
https://sansec.io
Adobe will release a fix for the critical SessionReaper attack tomorrow, Sept 9th. All Magento and Adobe Commerce versions are vulnerable. Sansec Shield users are already protected; all others should stand by and implement the patch once it is published (likely 14h UTC).
sansec.io/research/ses...
SessionReaper, a critical bug in Magento & Adobe Commerce (CVE-2025-54236)
Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...
https://sansec.io/research/sessionreaper
about 1 month ago
reposted by
Sansec BV
BleepingComputer
5 months ago
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.
Magento supply chain attack compromises hundreds of e-stores
https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/
Coordinated supply chain attack hits 3 vendors, backdoors go unnoticed for 6 years. Sansec discovered that actual abuse started last week.
sansec.io/research/lic...
Backdoor found in popular ecommerce components
Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...
https://sansec.io/research/license-backdoor
5 months ago
AS Roma has been hacked since March 19. Attack is ongoing, and customer data is leaked to the Russian SmartApe network (AS62212). We reached out 5 times to their privacy & security teams but no response.
6 months ago
Found "defunct.dat" or "qfile" on your site? They contain access keys for hidden GSocket backdoors. Mass scans for these files launched since Mar 31st. Dozens of sites affected.
sansec.io/research/gso...
6 months ago
Worried about having to roll out APSB25-08 before the weekend? No stress! Meet Sansec Shield (beta), an origin-bound WAF built to guard your store against all major Magento attack vectors, including this week's CVSS 9.4 threat. Installation is just a composer require.
sansec.io/guides/sanse...
Sansec Shield (Beta)
Advanced real-time protection for your Magento store
https://sansec.io/guides/sansec-shield
8 months ago
Impact analysis for Adobe Commerce & Magento security release APSB25-08: unauthorized attackers can take control of your customer accounts. Not as critical as CosmicSting but still recommended to patch asap. Full analysis:
sansec.io/research/mag...
Magento Security Release APSB25-08 [Impact Analysis]
Critical (CVSS 9.4) release enables attackers to take control of customer accounts.
https://sansec.io/research/magento-apsb25-08
8 months ago
"Foreign espionage campaign launched via Christmas sweaters" The ESA (European Space Agency) store just got hacked. The store seems to be integrated with ESA systems, as employees are required to log in with their ESA email address.
10 months ago
Welcome to our new humble presence! To commemorate, we have just released eComscan 1.7.0 with more detailed malware reporting and tons of improvements. Your version will auto upgrade.
sansec.io/guides/chang...
11 months ago