Threat actors have exploited a major flaw in the Magento platform to insert a persistent backdoor into e-commerce sites. According to Adobe, the flaw is an improper neutralization of special elements that allows arbitrary code execution. The attacks inject malicious code that executes commands tied to the checkout cart. Sansec found the issue, which was addressed in a security update released on February 13, 2024. Exploitation led to a backdoor for code execution and a Stripe payment skimmer that captures financial data.



