Bleeping Computer

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
Threat Post

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Researchers have disclosed two flaws that could enable remote code execution attacks ...
Graham Cluley

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

ZDNet reports that the FBI has issued a “flash alert” warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin.
Business Wire

Affirm Surpasses 200 Magento Clients and Releases New Magento 2.0 Extension

SAN FRANCISCO--(BUSINESS WIRE)--Affirm, Inc., the company started by PayPal co-founder Max Levchin to deliver consumers honest financial products, announced its 200th Magento client and the general ...
Ars Technica

Breach of software maker used to backdoor ecommerce servers

FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of ...