All news

Magento

(3 articles)
SVG Pixel Trick Hides Magento Credit Card Skimmer

April 8, 2026

SVG Pixel Trick Hides Magento Credit Card Skimmer

Hackers inject a 1x1 SVG pixel with base64-encoded skimmer code into Magento stores, stealing credit card data via fake checkout overlays. Here's what to check.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

March 20, 2026

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical PolyShell vulnerability in Magento allows unauthenticated file uploads, remote code execution, and full account takeover. Here's what you need to know.

New 'PolyShell' Flaw Allows Unauthenticated RCE on Magento E-Stores

March 19, 2026

New 'PolyShell' Flaw Allows Unauthenticated RCE on Magento E-Stores

The PolyShell vulnerability lets attackers execute code or hijack accounts on Magento stores without authentication - and exploit code is already circulating.