Threat actors have exploited a major flaw in the Magento platform to insert a persistent backdoor into e-commerce sites. The flaw allows for arbitrary code execution by neutralizing special elements, according to Adobe. The attacks inject malicious code to execute commands linked to the checkout cart. Sansec found the issue, which was addressed in a February 13, 2024 security update. It led to a backdoor for code execution and a Stripe payment skimmer capturing financial data.
Chinese hackers use BrickStorm malware to dwell in networks for over a year, researchers say – Tech Observer Magazine
Chinese hackers use BrickStorm malware to dwell in networks for over a year, researchers say Tech Observer Magazine
