Tags:

Magento 2 and Adobe Commerce users are currently dealing with a critical security crisis: the SessionReaper vulnerability (CVE-2025-54236) has triggered a rapid surge in malware attacks, jumping 47% in recent weeks[1][5].
SessionReaper is a remote code execution flaw that lets attackers hijack user sessions and even seize full control of a store’s server - often without any authentication[1][5]. Exploitation typically involves uploading malicious session files, which can lead to stolen data, fraudulent transactions, and long-term backdoors in your shop’s codebase[1][5].
The attacks are accelerating - proactive patching and scanning are crucial to protect your customers and your business[1][5].
Sources
[1] Thousands of online stores at risk as SessionReaper ... https://www.malwarebytes.com/blog/news/2025/10/thousands-of-online-stores-at-risk-as-sessionreaper-attacks-spread
[2] Critical Adobe Commerce, Magento vulnerability under ... https://www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/
[3] Adobe Security Bulletin https://helpx.adobe.com/security/products/magento/apsb25-88.html
[4] SessionReaper: Account Takeover and Unauthenticated ... https://www.greenbone.net/en/blog/sessionreaper-account-takeover-and-unauthenticated-rce-in-magento-and-adobe-commerce/
[5] Over 250 Magento Stores Hit Overnight as Hackers Exploit ... https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html
[6] SessionReaper (CVE-2025-54236): Critical Adobe ... https://socradar.io/sessionreaper-cve-2025-54236-adobe-commerce-exploit/
[7] Adobe Commerce / Magento Insecure Deserialization ... https://www.tenable.com/plugins/was/115019
[8] Why nested deserialization is STILL harmful – Magento ...
Over the last three months, the digital skimmer landscape has changed noticeably. Based on the latest ThreatView charts, Magento 2 remains the most targeted platform, but the biggest movement is elsewhere: Shopify has risen sharply and now appears to be the second most targeted platform for digital skimmers.
In February 2026, we detected 327 compromised PrestaShop websites running card-harvesting malware loaders or digital skimmer malware. By the beginning of June 2026, that number had risen to 1,068. This is an active, expanding campaign affecting a growing number of merchants.
A practical guide for Magento and Adobe Commerce merchants dealing with PolyShell: what it is, how to detect compromise, how ThreatView helps, and what to do next.