New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway allows e-commerce websites to directly accept

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit

Top Cyber Threats Facing E-Commerce Sites This Holiday Season

Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online, resulting in $224 billion in e-commerce sales. To ensure your e-commerce site is ready for the holiday rush