"Adobe Commerce Flaw Exploited to Compromise Thousands of Sites"

Sansec reports that multiple threat actors compromised over 4,000 online stores by exploiting a critical Adobe Commerce vulnerability named "CosmicSting." The vulnerability is an improper restriction of XML external entity reference (XXE) flaw. Adobe released a hotfix for the bug in July, warning that it had been exploited in limited attacks, and the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) list. This article continues to discuss the compromise of over 4,000 Adobe Commerce and Magento stores that were left unpatched against the vulnerability.

SecurityWeek reports "Adobe Commerce Flaw Exploited to Compromise Thousands of Sites"

Submitted by grigby1

 

Submitted by Gregory Rigby on