VulnHub

Real-time Cybersecurity News

Thousands of Magento Sites Hit in Ongoing Defacement Campaign

SecurityWeek
Actively Exploited

Overview

Since February 27, a series of attacks have been targeting thousands of Magento sites, affecting e-commerce platforms, well-known global brands, and even government services. The attackers are defacing these sites, which not only disrupts business operations but also poses significant risks to customer trust and data security. Many businesses relying on Magento for their online sales are now facing immediate pressure to secure their sites and address vulnerabilities. This ongoing campaign raises concerns about the effectiveness of current security measures and highlights the need for businesses to strengthen their defenses against such malicious activities.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Magento e-commerce platform, global brands, government services
  • Action Required: Businesses should review their site security measures, apply any available patches, and consider implementing additional security protocols to protect against defacement attacks.
  • Timeline: Ongoing since February 27

Original Article Summary

The attacks started on February 27 and have targeted e-commerce platforms, global brands, and government services. The post Thousands of Magento Sites Hit in Ongoing Defacement Campaign appeared first on SecurityWeek.

Impact

Magento e-commerce platform, global brands, government services

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since February 27

Remediation

Businesses should review their site security measures, apply any available patches, and consider implementing additional security protocols to protect against defacement attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

CyberScoop

The FBI and CISA have issued a public service announcement regarding a Russian intelligence campaign aimed at users of messaging apps, particularly Signal. This warning aligns with previous alerts from authorities in the Netherlands and Germany, highlighting a growing concern about the targeting of secure communication platforms. The campaign suggests that attackers are attempting to compromise the privacy and security of individuals who rely on these apps for confidential conversations. This situation is particularly alarming as it raises questions about the safety of messaging services that users often consider secure. People using these apps should remain vigilant and consider enhancing their security measures to protect their communications.

Mar 20, 2026

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

darkreading

Oracle has announced a critical vulnerability in its Fusion Middleware that allows attackers to execute arbitrary code without needing authentication. This flaw affects Oracle's Identity and Web Services Managers, particularly if they are exposed to the internet. The lack of authentication means that anyone can potentially exploit this vulnerability, making it especially dangerous for organizations that have these services publicly accessible. Companies using these products should take immediate action to secure their systems to prevent unauthorized access and potential data breaches. It's crucial for users to apply the necessary patches as soon as possible to mitigate the risks associated with this flaw.

Mar 20, 2026

Oracle pushes emergency fix for critical Identity Manager RCE flaw

BleepingComputer

Oracle has issued an emergency security update to address a serious vulnerability in its Identity Manager and Web Services Manager products, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, which poses a significant risk to organizations using these systems. The vulnerability could potentially be exploited to gain unauthorized access and control over sensitive information. Users of Oracle's Identity Manager and Web Services Manager should prioritize applying the update to protect their systems from potential attacks. This incident underscores the ongoing need for vigilance in software security, particularly with products that manage identity and access controls.

Mar 20, 2026

Trio sentenced for facilitating North Korean IT worker scheme from their homes

CyberScoop

Three men have been sentenced for their roles in a scheme that funneled approximately $1.28 million in salaries from U.S. companies to North Korean IT workers. The trio operated from their homes, setting up laptop farms and assisting remote workers in creating fake identities to secure jobs. This operation not only defrauded companies but also contributed to North Korea's illicit activities by providing the regime with foreign currency. The case highlights ongoing concerns about cybercrime linked to North Korea and the challenges companies face in verifying the identities of remote workers. As cyber threats evolve, organizations must remain vigilant in their hiring practices to avoid falling victim to similar scams.

Mar 20, 2026

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

The Hacker News

Trivy, an open-source vulnerability scanner developed by Aqua Security, has been compromised for the second time in a month. This breach specifically targeted the GitHub Actions workflows 'aquasecurity/trivy-action' and 'aquasecurity/setup-trivy', which are commonly used for scanning Docker container images for vulnerabilities. Attackers hijacked 75 tags to deliver malware that aims to steal sensitive continuous integration and continuous delivery (CI/CD) secrets. This incident is particularly concerning as it exposes users relying on these tools to potential data breaches and security risks. Organizations using these GitHub Actions should take immediate action to secure their environments and monitor for any unauthorized access or data leaks.

Mar 20, 2026

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

darkreading

The ransomware group known as Beast Gang has accidentally exposed files from their central cloud server, revealing their aggressive tactics for attacking network backups. These files show a clear strategy focused on targeting backup systems, which is a common method used by ransomware groups to ensure victims are more likely to pay the ransom. This incident raises serious concerns for organizations that rely on cloud services for data storage and highlights the importance of securing backup systems against potential ransomware attacks. As these tactics become more public, companies may need to reassess their cybersecurity measures to protect against such vulnerabilities. The exposure of these files could also lead to further attacks as other cybercriminals may adopt similar strategies.

Mar 20, 2026