Hackers have found their way into a large number of internet e-commerce sites.
This latest cybersecurity threat targets web stores running on the Magento or Adobe Commerce platforms, according to BleepingComputer, which cited the security firm Sansec as first publicizing the exploit. That was just over a week ago, and since Sansec exposed the vulnerability, known as PolyShell, the firm claimed that 56 percent of vulnerable stores have been experienced attacks.
You can check out Sansec's analysis for the full technical details of what's going on, but in the simplest terms possible, it seems hackers have managed to insert a credit card skimmer into the API for Magento, an open-source e-commerce platform acquired by Adobe several years ago. Sansec says it spotted the attack being used on an unnamed "major car manufacturer."
We have contacted Adobe for comment and will update this story if they respond.
Adobe has released a fix for this in the beta branch of its software, but that doesn't help the presumably vast majority of sites running the non-beta version of the software. Until the fix goes public, this will be an issue for any site running Magento or Adobe Commerce.