magento
All articles and research tagged with magento

ConnectPOS leaked GitHub secrets for years
2026-01-12 Sansec discovered that ConnectPOS has been showing their GitHub credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends verifying the integrity of installed code.

SessionReaper attacks have started, 3 in 5 stores still vulnerable
2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours.

SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)
2025-09-08 SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately.