Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. [...]
Wiz researchers found architecture flaws in generative AI models available on the AI hub Hugging Face
Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware.
State Dept keeps schtum 'for security reasons' Uncle Sam is investigating claims that a criminal stole and leaked classified information from the Pentagon and other national security agencies.…
Also: A OneCoin Sentencing, Tornado Cash Update, FTX Repayment PlansThis week, hackers stole from Prisma Finance and demanded praise, a OneCoin head was sentenced to prison, a Tornado Cash co-founder asked for dismissal of charges, FTX said it will repay customers, Singapore has new digital payment token rules, and the BoE and FCA launched Digital Security Sandbox.
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.…
Threat actor IntelBroker claims to have classified intelligence stolen from US government tech supplier Acuity
Watch this webinar for a hair raising journey into the darkest depths of GenAI enabled cyber crime Sponsored Post Artificial intelligence (AI) offers enormous commercial potential but also substantial risks to data security if it is harnessed by cyber criminals intent on stealing or corrupting sensitive information for their own gain.…
Device Bound Session Credentials Tie Authentication Cookies to Specific ComputersGoogle is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.
Is there no cure for this cyber-plague? Nearly one million individuals' personal details, financial account information, and medical records may have been stolen from City of Hope systems in the United States.…
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...]
Missouri County Blames Ransomware for IT Outages; Special Election Not DisruptedThe Missouri county of Jackson has declared a state of emergency after being hit by ransomware on the day of a special election. Officials said attackers didn't appear to have stolen any data and that as a cybersecurity measure, the county doesn't store any residents' sensitive financial data.
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware
Device Bound Session Credentials said to render cookie theft useless Google reckons that cookie theft is a problem for users, and is seeking to address it with a mechanism to tie authentication data to a specific device, rendering any stolen cookies useless.…
Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. [...]
Kaspersky said cybercriminals harvested 50.9 login credentials per infected device in 2023