Magento 2 and Adobe Commerce users are currently dealing with a critical security crisis: the SessionReaper vulnerability (CVE-2025-54236) has triggered a rapid surge in malware attacks, jumping 47% in recent weeks[1][5]. What Is SessionReaper? SessionReaper is a remote code execution flaw that lets attackers hijack user sessions and even seize full control of a store’s server - often without any authentication[1][5]. Exploitation typically involves uploading malicious sessio

At Turaco Labs, we have identified a live digital skimmer (e-skimmer) that hijacks Stripe Elements (and potentially other gateways) by proxying Stripe through a look-alike mirror system . A small and innocuous PHP code change quietly rewrites js.stripe.com to the attacker’s domain. From there, a transparent reverse-proxy spoofs headers and modifies responses while returning content that looks and behaves exactly like the real thing. While most attacks that aim to replace t

Understanding Digital Skimmers / E-Skimming: The Invisible Threat to Your Business E-skimming, also referred to as digital skimming, web...

eCommerce websites face an unprecedented level of cyber threats, with digital skimmers ThreatView - eCommerce Security and malware...

A regular query we've had from our partners is "how we are going to support the new PCI requirements 6.4.3 and 11.6.1 for eCommerce...

eCommerce businesses face an increasingly complex cybersecurity landscape, with PCI compliance requirements adding another layer of...

Why Your eCommerce Business Needs Website Security Scanning Peace of Mind in the Digital Marketplace While implementing a website...

Silver Bullet or Simply Part of a Multi-Layered Defence? With the new PCI DSS Requirement 6.4.3 for eCommerce sites, much is being said...

Overview - Installation Guide for ThreatView in Magento/Adobe Commerce Cloud Environments This guide provides step-by-step instructions...

Understanding PCI DSS 4.0.1 and How ThreatView Can Help What is the PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS)...

In a major step toward securing the eCommerce ecosystem, ThreatView has become an official security partner of the Magento Association.

There is a great deal of interest and focus on the new PCI requirements coming into force this month for eCommerce merchants: Requirement...

The eCommerce PCI DSS landscape is evolving, with the latest FAQ from the PCI SSC clarifying which eCommerce merchants need to complete...

Cybercriminals are becoming more sophisticated, and eCommerce sites remain their #1 target. Our 2024 eCommerce Security Year in Review...

The buzz around the new PCI DSS requirements for eCommerce is well-deserved - and for good reason. The evolving threat landscape demands...

The eCommerce industry has been targeted by criminals with growing intensity over the last couple of years. The number of hacked sites...

Our October 2024 eCommerce Security ThreatScape Report is ready and here are a few of the highlights: Portfolio: 16m+ websites. "Hacked...

Our September 2024 eCommerce ThreatScape Report is ready and here are a few of the highlights: Portfolio: 16m+ websites. Slight DECREASE ...

The eCommerce ThreatScape Report for August 2024 showed that the industry is facing a level of attack and compromise that we have not...

Exposed Admin Login pages are a significant security risk. Here are a few recommendations to improve security.