
Magento & Adobe Commerce Facing Major Attack Surge: SessionReaper

Benjamin Hosack
5 days ago
2 min read

Tags:

eCommerce
Magento
Web Security

Magento 2 and Adobe Commerce users are currently dealing with a critical security crisis: the SessionReaper vulnerability (CVE-2025-54236) has triggered a rapid surge in malware attacks, jumping 47% in recent weeks[1][5].

What Is SessionReaper?

SessionReaper (CVE-2025-54236) is an improper input validation flaw in the Commerce REST API, rated critical (CVSS 9.1) in Adobe's security bulletin[3]. It lets an unauthenticated attacker take over customer sessions and, through nested deserialization of attacker-controlled data[7][8], execute code on the store's server[4]. Reported exploitation plants a malicious session file and then triggers its loading via the REST API, which is why stores that keep PHP sessions on disk (file-based session storage) are the ones exposed to the code-execution path[1][5]. The outcome is stolen data, fraudulent transactions, and long-lived backdoors in the shop's codebase[1][5].

Scale of the Threat

  • More than 250 Magento stores were hit within 24 hours of exploit details becoming public[5][1].
  • Over 60% of Magento sites remained unpatched more than a month after Adobe shipped the fix[5][1].
  • Attackers target both Magento Open Source and Adobe Commerce, concentrating on sites that are slow to update[1].

What Should Merchants Do?

  • Check your site now using ThreatView, a free scanner that checks your site from an external perspective. ThreatView Advanced Edition adds filesystem and database threat detection.
  • Apply Adobe's patch for CVE-2025-54236 (APSB25-88)[3] immediately; the flaw is being exploited in the wild[1][2].
  • Patching blocks new exploitation but does not evict an attacker who is already in. Even if you have patched, review file-based session storage (Magento's default is var/session) for session files you did not expect, remove the suspicious ones, look for recently modified or unknown PHP files under the web root, and check for hidden backdoors. If your sessions live in Redis or the database, the session-file check does not apply, but the backdoor check still does.

The attacks are accelerating - proactive patching and scanning are crucial to protect your customers and your business[1][5].

Sources

[1] Thousands of online stores at risk as SessionReaper ... https://www.malwarebytes.com/blog/news/2025/10/thousands-of-online-stores-at-risk-as-sessionreaper-attacks-spread

[2] Critical Adobe Commerce, Magento vulnerability under ... https://www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/

[3] Adobe Security Bulletin https://helpx.adobe.com/security/products/magento/apsb25-88.html

[4] SessionReaper: Account Takeover and Unauthenticated ... https://www.greenbone.net/en/blog/sessionreaper-account-takeover-and-unauthenticated-rce-in-magento-and-adobe-commerce/

[5] Over 250 Magento Stores Hit Overnight as Hackers Exploit ... https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

[6] SessionReaper (CVE-2025-54236): Critical Adobe ... https://socradar.io/sessionreaper-cve-2025-54236-adobe-commerce-exploit/

[7] Adobe Commerce / Magento Insecure Deserialization ... https://www.tenable.com/plugins/was/115019

[8] Why nested deserialization is STILL harmful – Magento ...
