Latest e-commerce security news


Bug Bounty Radar

The latest bug bounty programs for December 2022
01 December 2022

Ibexa DXP patched for GraphQL password hash leak

18 November 2022
Organizations advised to mandate password resets out of caution

Bug Bounty Radar

The latest bug bounty programs for November 2022
01 November 2022

CVSS 10

Adobe patches Magento XSS that puts sites at takeover risk
14 October 2022

Bug Bounty Radar

The latest bug bounty programs for September 2022
02 September 2022

Bug Bounty Radar

The latest bug bounty programs for June 2022
31 May 2022

Guzzle bug

Cookie leakage issue in PHP HTTP client prompts Drupal update
27 May 2022

Volatile market for stolen credit card data shaken up by Russian sanctions

25 May 2022
Illicit trade still flourishing despite recent law enforcement takedowns

Pressing issue

WordPress sites getting hacked ‘within seconds’ of TLS certs being issued
06 May 2022

Bug Bounty Radar

The latest bug bounty programs for May 2022
29 April 2022

Credit card industry standard revised to repel card-skimmer attacks

14 April 2022
PCI DSS v4.0 encourages better defenses against Magecart-style assaults

Point of assail?

UK retailer The Works blames store closures on POS problems after attack
06 April 2022

Bug Bounty Radar

The latest bug bounty programs for April 2022
01 April 2022

‘Dangerous trend’

EU web authentication plan threatens to undercut browser-led certification system, say detractors
30 March 2022

Network cavity blamed for data breach at Japanese candy maker

29 March 2022
More than 1.6m affected by suspected compromise that ‘locked up’ servers

Downdetector

How the popular site outage tracker is helping to improve web security
17 March 2022

Lessons learned

Electronics retailer apologises after inadvertent customer data leak
08 March 2022

Japanese retailer traces breach to third-party hack

04 March 2022
Company traces compromise to vulnerability in payment processor’s systems

Dynamicweb RCE flaw could allow server compromise

04 March 2022
‘Extremely easy to exploit’ bug introduced to codebase in 2018, say researchers

Web store lockdown

Emergency Adobe Commerce, Magento patches follow ‘limited’ in-the-wild attacks
16 February 2022

Bug Bounty Radar

The latest bug bounty programs for February 2022
31 January 2022

DeepDotWeb administrator gets eight-year stretch in US prison

27 January 2022
Tal Prihar pleaded guilty to his role in darknet kickback scheme last year

Credential stuffing attacks

New York Attorney General alerts 17 ‘well-known’ organizations to 1.1m compromised online accounts
06 January 2022

Bookshop of errors

Indian academic bookseller Oswaal Books fixes alleged serious vulnerabilities with Shopify relaunch
05 January 2022

US retailer PulseTV warns of apparent credit card breach

04 January 2022
Payment system updated amidst fears 200,000 records may have been exposed

US clothing supplier Pro Wrestling Tees hit by data breach

23 December 2021
Law enforcement alerted company to compromise of payment card info

Hacker-powered security

Human error bugs increasingly making a splash, new report indicates
10 December 2021

Sour note

Web cache poisoning bug discovered in Symfony web app framework
01 December 2021

Bloated browser?

Microsoft pushes ahead with controversial ‘buy now, pay later’ feature for Edge
26 November 2021

Trickbot arrest

Russian national extradited to US for alleged role in developing notorious banking trojan
29 October 2021

Fast fashion

US clothing brand Next Level Apparel reports phishing-driven data breach
06 October 2021

US retailer notifies 4.6m customers of data breach

01 October 2021
Department store chain forces password reset after discovering 2020 incident last month

WordPress security

CookieYes GDPR plugin patches XSS bug following large-scale PHP audit
29 September 2021

Google Chrome incorporates new secure payment feature

27 September 2021
New tech touted as faster and stronger than web-based authentication alternatives

Letting off Steam

Valve promptly resolves ‘unlimited funds’ gaming wallet cheat
13 August 2021

Stray Shopify access token earns bug bounty hunter $50k

27 July 2021
Programming credential that gave access to Shopify repos wasn’t abused, audit reveals

Loyalty management tech firm Antavo launches bug bounty program on Hacktify

22 July 2021
London-headquartered company seeks ‘outside perspective’ on AppSec