Sansec (@sansecio)'s Twitter Profile
Sansec

@sansecio

Experts in ecommerce security. Helping merchants in times of peril. Tracking large scale digital skimming since 2015. PGP key 9D0D094CD2C7E669

ID: 1095983783646507008

https://sansec.io

14-02-2019 09:51:11

434 Tweets

1.1K Followers

16 Following

MalwareHunterTeam (@malwrhunterteam)

So, I was expecting that the supply chain type attacks using those services/domains are going from sometimes past year already, but only now confirmed thanks to Nullify (x.com/nullifysecurit…) that it is going back to at least past June, so a little over 1 year

Sansec (@sansecio)

🚨 Critical Alert 🚨 Threat actors have begun mass scanning for CosmicSting (CVE-2024-34102). Adobe released an isolated Magento security patch yesterday, which you should apply NOW if you somehow cannot upgrade. See article below H/t Hypernode! x.com/sansecio/statu…

Sansec (@sansecio)

🚨 CosmicSting attacks have started hitting major stores, with 3 to 5 stores being hacked every hour. Merchants might still be at risk despite patching. We cover some additional mitigation steps 👉 sansec.io/research/cosmi…

Germán Fernández (@1zrr4h)

Server with #opendir 213.109.147[.]108:4242 (now disabled) had an exploit for #CosmicSting (aka CVE-2024-34102), an Unauthorized XXE that combined with CVE-2024-2961 allows RCE in Magento and Adobe Commerce stores. On the server there was a TXT file with about 3900

Sansec (@sansecio)

Say hi to Laski, the 8th CosmicSting attack group, using fake maintenance pages on deslgnhq[.]com and others. Fun fact: their infra went down several times, likely because they couldn't keep up with the high traffic hijacked stores. IOCs here sansec.io/research/cosmi…

Sansec (@sansecio)

Beware: Group Peschanki hacks over 350 new stores in the last 5 hours #cosmicsting #magento sansec.io/research/cosmi…

Sansec (@sansecio)

😬 More than 2000 Magento stores hacked by Peschanki group in the last 20 hours and they're not slowing down. ☞ largest automated hack of Magento stores ever ☞ 6.8% of all Adobe Commerce / Magento stores worldwide hacked via CosmicSting exploit

Zach Edwards (@thezedwards)

Our research was covered by Lorenzo Franceschi-Bicchierai of TechCrunch @ techcrunch.com/2024/10/22/res… Our whole investigation started after Sansec & gwillem reported on the polyfill[.]io supply chain compromise. A company called "FUNNULL" out of China were behind it. But wait, we know them?? 👀

Sansec (@sansecio)

3000 stores just got hit with the "statepulseapp[.]com" skimmer, injected by Group Laski. Sansec is the only vendor that recognises it: virustotal.com/gui/domain/sta…

Sansec (@sansecio)

Urgent: Adobe will drop critical patch tomorrow, outside of regular patch cycle. Fixes SessionReaper attack, affects Adobe Commerce / Magento 2.3.1+. Concept patch accidentally leaked. sansec.io/research/sessi…

Blaklis (@blaklis_)

Exceptionally back on X for that. If you are a Magento or Adobe Commerce user, patch as soon as possible - the patch of my bug will be released imminently. This has one of the most severe impact possible, and is easy to trigger. Expect attacks, very soon. #magento #ecommerce

Sansec (@sansecio)

🚨 SessionReaper (CVE-2025-54236) is now actively exploited while 62% of Adobe Commerce/Magento stores remain unpatched. We expect automated mass attacks within 48 hours. sansec.io/research/sessi…

The Hacker News (@thehackersnews)

🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack. Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites. PoC is public. Patch now. Details → thehackernews.com/2025/10/over-2…

Pierluigi Paganini - Security Affairs (@securityaffairs)

Sansec Over 250 attacks hit #Adobe #Commerce and #Magento via critical CVE-2025-54236 flaw securityaffairs.com/183754/hacking… #securityaffairs #hacking

Help Net Security (@helpnetsecurity)

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) - helpnetsecurity.com/2025/10/23/ado… - Adobe Assetnote Searchlight Cyber Sansec #Ecommerce #Vulnerability #Cybersecurity #CybersecurityNews