Security

2019

• Bad extensions now main source of Magento hacks: a solution! 01/29

• MySQL client allows MySQL server to request any local file 01/20

• Adminer leaks passwords; Magecart hackers rejoice 01/17

2018

• Advanced sabotage among competing Magecart factions 11/20

• Merchants struggle with MageCart reinfections 11/12

• Backdoor found in Webgility 10/30

• Multiple 0days used by Magecart 10/23

• CSU store hacked right before election 10/15

• MageCart: now with tripwire 10/04

• ABS-CBN next in series of high profile breaches 09/18

• A Google Analytics thief uncovered 09/06

• MagentoCore skimmer most aggressive to date 08/30

2017

• Hackers breached Magento through helpdesk 12/28

• Cryptojacking found on 2496 online stores 11/07

• Hacking the KPN Zyxel DSL router (P-2812HNU-F1) 09/28

• Why ordering HTTP headers is important 05/02

• Warning: fake Magento patch 9789 contains virus 04/21

• A Magento breach analysis (part 1) 04/12

• An OpenCart/Magento hacking dashboard 04/07

• Wanted: online stores that have quit 03/21

• Self-healing malware discovered 02/14

2016

• Cracking Magento passwords for $1 12/16

• Visbot malware found on 6691 stores [analysis] 12/01

• Ten ideas to fix Magento's reverse brand ambassadors 11/26

• Magento and upcoming SSL requirements 11/21

• 5900 online stores found skimming [analysis] 10/11

• Senate Republicans were skimmed for six months, quietly fix store 10/04

• A peek in the dark world of credit card laundering 10/03

• Magento Paypal payments may break after June 17th 06/15

2015

• Widespread credit card hijacking discovered 11/17