Tag: E-commerce

  • SessionReaper: Critical Magento Flaw Actively Exploited by Hackers

    Hackers have begun actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms, despite the issue having been officially patched last month. Over the past 24 hours, more than 250 attack attempts have been recorded against online stores using these systems, signaling the onset of a large-scale exploitation campaign. The most dangerous attacks involve API-based creation of fraudulent user sessions, allowing adversaries to fully compromise customer accounts.

    The flaw, tracked as CVE-2025-54236, carries a CVSS severity score of 9.1. It stems from improper input validation in the Commerce REST API interface, which enables remote code execution by attackers. Researchers have dubbed the vulnerability SessionReaper. It was discovered and disclosed by a security researcher operating under the pseudonym Blaklis, after which Adobe issued a corresponding patch. Nevertheless, six weeks after disclosure, over 60% of Magento installations remain unpatched, leaving them highly susceptible to compromise.

    According to a report by Sansec, the malicious campaign is linked to a cluster of IP addresses from which attackers upload PHP web shells via the endpoint “/customer/address_file/upload”, disguising their activity as legitimate client sessions. In some cases, requests to phpinfo were observed, likely used to gather environment configuration details. The objective is to establish persistent access to the server and then run arbitrary code through the uploaded shell.

    Meanwhile, researchers at Searchlight Cyber published a technical analysis of CVE-2025-54236, describing it as a complex nested deserialization flaw that allows remote command execution on the target server. This marks the second major deserialization vulnerability affecting Adobe Commerce and Magento in the past two years. In the summer of 2024, a similar flaw known as CosmicSting (CVE-2024-34102)—rated 9.8 on the CVSS scale—was widely exploited.

    As exploit code and technical details continue to circulate in public repositories, experts urgently warn administrators to update their systems immediately. Any delay in applying patches, they caution, creates a fertile environment for mass compromises amid the already escalating wave of active attacks.
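    As an added example (not code from Sansec, Adobe or Magento), the scanner below runs over web-server access logs and flags the indicators named in the report above: POST requests to /customer/address_file/upload and requests for phpinfo, grouped by source IP. It adds one general web-shell heuristic, direct requests for .php files other than Magento's known front-controller entry points; that rule, the allowlist of entry points and the sample log lines are assumptions made for this example, not something the reports state.

```python
"""Scan access logs for the SessionReaper campaign indicators reported above.

Added example, not code from Sansec, Adobe or Magento. Indicators from the
report: POSTs to /customer/address_file/upload and phpinfo probes. The third
rule (direct hits on .php files outside known entry points) is a general
web-shell heuristic assumed here, not something the report states.
"""
import re
import sys
from collections import defaultdict

# Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

UPLOAD_ENDPOINT = "/customer/address_file/upload"

# Magento 2 entry points served directly as .php (assumed allowlist; extend
# it for your deployment, e.g. if the docroot is not pub/).
KNOWN_PHP_ENTRY_POINTS = {"/index.php", "/get.php", "/static.php", "/health_check.php"}

# Constructed sample log, not real traffic. The .php path hit by the first
# client is invented; the reports do not say where the uploaded shell lands.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Oct/2025:10:01:12 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Oct/2025:10:01:13 +0000] "POST /customer/address_file/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Oct/2025:10:01:20 +0000] "GET /pub/media/x.php?c=id HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.7 - - [22/Oct/2025:10:05:00 +0000] "GET /phpinfo.php HTTP/1.1" 404 201 "-" "python-requests/2.31"
192.0.2.55 - - [22/Oct/2025:10:06:41 +0000] "GET /customer/account/login HTTP/1.1" 200 6010 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one Combined Log Format line; return None for non-matching lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(req):
    """Return the indicator names a parsed request matches (may be several)."""
    hits = []
    path = req["path"].split("?", 1)[0].lower()   # drop the query string
    if req["method"] == "POST" and path == UPLOAD_ENDPOINT:
        hits.append("address_file_upload")
    if "phpinfo" in path:
        hits.append("phpinfo_probe")
    if path.endswith(".php") and path not in KNOWN_PHP_ENTRY_POINTS:
        hits.append("direct_php_request")
    return hits


def scan(log_text):
    """Count indicator hits per source IP: {ip: {indicator: count}}."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        for name in classify(req):
            findings[req["ip"]][name] += 1
    return {ip: dict(counts) for ip, counts in findings.items()}


def suspicious_ips(findings):
    """IPs that used the upload endpoint and then hit a .php file directly:
    the upload-then-execute sequence. A lone phpinfo probe is a weaker signal
    and is left for the analyst to review in the full findings."""
    return {
        ip for ip, counts in findings.items()
        if "address_file_upload" in counts and "direct_php_request" in counts
    }


if __name__ == "__main__":
    # Usage: python3 scan.py access.log   (runs on the constructed sample if no file given)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    results = scan(text)
    for ip, counts in results.items():
        print(ip, counts)
    print("upload-then-execute pattern:", sorted(suspicious_ips(results)))
```

    Run it against the store's front-end access logs for the period since the patch was released; any POST to the upload endpoint from an IP that was not otherwise browsing the store, or one followed by a direct .php request, deserves a look at the media directory for files that should not be there.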

  • Muji Suspends Online Store After Ransomware Cripples Logistics Partner

    The Japanese company Ryohin Keikaku, owner of the Muji brand, has suspended operations of its online store following a cyberattack on its logistics partner, Askul Corp.

    According to Ryohin Keikaku, the decision was made late on Sunday, October 19, at 9:00 p.m., and the timeframe for restoring the online platform remains undetermined.

    Askul, a company specializing in office supplies and logistics services, reported that it was forced to halt order processing and deliveries after a ransomware attack crippled its systems. Muji’s online orders are fulfilled through ASKUL LOGIST Co., a subsidiary of Askul, so the outage directly affected the retailer’s e-commerce operations.

    In an official statement, Ryohin Keikaku emphasized that the incident was limited to its partner’s infrastructure, and that its own systems were not compromised. All brick-and-mortar Muji stores continue to operate as usual.

    However, due to the temporary suspension of the online store, certain features of the MUJI App—including order tracking, access to the From the Editor section, and management of monthly subscriptions—are currently unavailable.

    Ryohin Keikaku confirmed that it is working in close coordination with Askul to restore services and will notify users once systems are fully operational and data security has been verified.

    Askul stated that the investigation is ongoing, as the company works to determine whether personal or client information was compromised. It is also assessing the financial impact and may delay publication of its monthly results, originally scheduled for October 28.

    The attack on Askul occurred just weeks after a major cyber incident targeting Japan’s largest brewer, Asahi Group Holdings, which disrupted production and distribution of its Super Dry beer and forced a postponement of its third-quarter financial report.

    Following news of the attack, Askul’s shares dropped nearly 6% on the Tokyo Stock Exchange, while Ryohin Keikaku’s stock fell by 6.6%.