Sansec BV

@sans.ec

experts in eCommerce security - https://sansec.io

190 Followers · 7 Following · 13 Posts · Joined 19.11.2024

Latest posts by Sansec BV @sans.ec

SessionReaper, a critical bug in Magento & Adobe Commerce (CVE-2025-54236)
Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...

Adobe will release fix for the critical SessionReaper attack tomorrow Sept 9th. All Magento and Adobe Commerce versions are vulnerable.

Sansec Shield users are already protected, all others should stand by and implement patch once it is published (likely 14h UTC).

sansec.io/research/ses...

08.09.2025 13:26 👍 0 🔁 2 💬 0 📌 0

Thanks for pointing out our sampling bias, since the last graph we've stopped crawling some smaller stores but not Magento so we cannot give you an accurate distribution right now, only a relative malware activity graph for all platforms

06.06.2025 07:23 👍 1 🔁 0 💬 0 📌 0
Magento supply chain attack compromises hundreds of e-stores

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.

02.05.2025 14:10 👍 9 🔁 4 💬 0 📌 0
Backdoor found in popular ecommerce components
Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...

Coordinated supply chain attack hits 3 vendors, backdoors go unnoticed for 6 years. Sansec discovered that actual abuse started last week.

sansec.io/research/lic...

02.05.2025 14:43 👍 9 🔁 5 💬 0 📌 0
Post image
18.04.2025 12:03 👍 1 🔁 0 💬 0 📌 0

Meanwhile, the attacker has upgraded their malware and rotated three exfil domains:

bootrow\.com
redtransfer\.net
imgweb\.net

PSA: This breach would have been prevented with Sansec Shield, our real-time malware protection layer.

18.04.2025 12:02 👍 1 🔁 0 💬 1 📌 0

⚽️🔥 AS Roma has been hacked since March 19. Attack is ongoing, and customer data is leaked to the Russian SmartApe network (AS62212).

We reached out 5 times to their privacy & security teams but no response.

18.04.2025 12:02 👍 1 🔁 0 💬 1 📌 0

Found "defunct.dat" or "qfile" on your site? They contain access keys for hidden GSocket backdoors. Mass scans for these files launched since Mar 31st. Dozens of sites affected.

sansec.io/research/gso...

03.04.2025 14:33 👍 2 🔁 0 💬 0 📌 0
Sansec Shield
Advanced real-time protection for your Magento store

Pro-tip: install Sansec Shield

sansec.io/guides/sanse...

21.03.2025 19:30 👍 1 🔁 0 💬 0 📌 0
Sansec Shield (Beta)
Advanced real-time protection for your Magento store

Worried about having to roll out APSB25-08 before the weekend? No stress! 🚀 Meet Sansec Shield (beta), an origin-bound WAF built to guard your store against all major Magento attack vectors, including this week's CVSS 9.4 threat.

Installation is just a composer require.
sansec.io/guides/sanse...

13.02.2025 13:53 👍 2 🔁 1 💬 0 📌 0
Magento Security Release APSB25-08 [Impact Analysis]
Critical (CVSS 9.4) release enables attackers to take control of customer accounts.

Impact analysis for Adobe Commerce & Magento security release APSB25-08: unauthorized attackers can take control of your customer accounts. Not as critical as CosmicSting but still recommended to patch asap.

Full analysis: sansec.io/research/mag...

13.02.2025 08:48 👍 0 🔁 1 💬 0 📌 0

The exfil domain "esaspaceshop[.]pics" that is used to steal data from ESA staff, was registered a month ago but only showed up on the ESA site today.

23.12.2024 14:58 👍 2 🔁 0 💬 0 📌 0

"Foreign espionage campaign launched via Christmas sweaters"

The 🚀 ESA (European Space Agency) store just got hacked.

The store seems to be integrated with ESA systems, as employees are required to log in with their ESA email address.

23.12.2024 14:58 👍 9 🔁 6 💬 1 📌 0

Welcome to our new humble presence! To commemorate, we have just released eComscan 1.7.0 with more detailed malware reporting and tons of improvements. Your version will auto upgrade.

sansec.io/guides/chang...

19.11.2024 15:41 👍 3 🔁 0 💬 0 📌 0