Magento Open Source v2 and Adobe Commerce PolyShell mass exploitation

Exploitation Wave
Happening score: 45
1 unique source, 2 articles

Summary

PolyShell exploitation is now underway against Magento Open Source v2 and Adobe Commerce, with attackers reaching 56.7% of vulnerable stores. The surge began on March 19, 2026, shortly after public disclosure, making the flaw an actively exploited risk for exposed e-commerce systems. The activity matters because the underlying issue can enable remote code execution or account takeover.

Related Happenings

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...

Adobe security patch release for CVE-2026-34621

Security Patch Release
First: 12.04.2026 07:25 Last: 12.04.2026 07:25 Sources 1

About this happening: **Adobe** issued **emergency updates** for **Acrobat Reader**, **Acrobat DC**, and **Acrobat 2024** after **CVE-2026-34621** was found **actively exploited in the wild**. The patc...

Adobe Reader zero-day exploited via malicious PDFs security flaw

Vulnerability
First: 09.04.2026 12:22 Last: 09.04.2026 12:22 Sources 1

About this happening: **Adobe Reader** is facing an **actively exploited zero-day** delivered through **malicious PDF documents** and observed since at least **December**. The flaw works on the **lates...

Latest development: 13.04.2026 18:37

Adobe released an emergency security update for Acrobat Reader to fix CVE-2026-34621 after zero-day exploitation in malicious PDF files. The bulletin says Acrobat DC versions 26.001.21367 and earlier, Acrobat Reader DC versions 26.001.21367 and earlier, and Acrobat 2024 versions 24.001.30356 and earlier are affected, and Adobe recommends updating through Help > Check for Updates or the official installer.

Magento checkout skimmer campaign targeting nearly 100 stores

Campaign
First: 09.04.2026 01:34 Last: 09.04.2026 01:34 Sources 1

How related: A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image.

About this happening: A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...

WebRTC payment skimmer

Malware Activity
First: 26.03.2026 08:53 Last: 26.03.2026 08:53 Sources 1

About this happening: A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....

Timeline

  1. 09.04.2026 01:34 · 1 article

    Sansec finds SVG card skimmer in Magento stores

    Technical Analysis Update

    Sansec reported a new campaign against nearly 100 Magento online stores in which attackers hide a credit card skimmer inside a 1x1-pixel SVG element with an onload handler, display a fake Secure Checkout overlay on checkout, validate submitted card data with Luhn, and exfiltrate payment details to attacker infrastructure; the researchers also identified six exfiltration domains hosted by IncogNet LLC (AS40663).

  2. 25.03.2026 23:40 · 1 article

    Adobe release of PolyShell fix beta

    Mitigation Patch Update

    Adobe released version 2.4.9-beta1 as a fix for PolyShell in Magento Open Source v2 and Adobe Commerce, but the stable branch had not yet received an update.

  3. 25.03.2026 23:40 · 1 article

    Mass exploitation of PolyShell against vulnerable Magento stores

    Exploitation Observed

    Mass exploitation of PolyShell began against Magento Open Source v2 and Adobe Commerce installations, with attackers reaching 56.7% of vulnerable stores and abusing Magento’s REST API file-upload handling to enable remote code execution or account takeover via stored XSS.

  4. 25.03.2026 23:40 · 1 article

    WebRTC skimmer and scanning indicators identified

    Detection IoC Update

    Sansec identified a WebRTC-based payment card skimmer in PolyShell-linked attacks, published IP addresses tied to vulnerable-store scanning, and noted the skimmer on the e-commerce website of a car maker valued at over $100 billion.
