430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed […]

Adobe Acrobat Reader CVE-2026-34621

Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours.

E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed over 250 attacks hit stores in 24 hours.

Last month, Adobe issued an emergency patch to fix the flaw, dubbed SessionReaper, after researcher Blaklis responsibly disclosed it.

The vulnerability is an improper input validation issue.

“The bug, dubbed SessionReaper and assigned CVE-2025-54236, allows customer account takeover and unauthenticated remote code execution under certain conditions.” reported cybersecurity firm Sansec. “SessionReaper is one of the more severe Magento vulnerabilities in its history, comparable to Shoplift (2015), Ambionics SQLi (2019), TrojanOrder (2022) and CosmicSting (2024). Each time, thousands of stores got hacked, sometimes within hours of the flaw being published.”

An attacker can exploit this vulnerability to take over customer accounts.

The situation is critical, as only 38% of stores are patched and exploit details are already publicly available.

“When we first reported on SessionReaper in September, fewer than one in three Magento stores had been patched. Six weeks later, that figure has barely improved: only 38% of stores are now protected. This means that 62% of Magento stores remain vulnerable to a critical remote code execution attack with publicly available exploit details.” reads the report published by Sancec.

“With exploit details now public and active attacks already observed, we expect mass exploitation within the next 48 hours. Automated scanning and exploitation tools typically emerge quickly after technical writeups are published, and SessionReaper’s high impact makes it an attractive target for attackers.”

SessionReaper matches past major flaws like CosmicSting, TrojanOrder, and Shoplift, which each led to thousands of store breaches within hours.

Sansec blocked over 250 SessionReaper attack attempts on e-commerce sites, with payloads delivering PHP webshells or phpinfo probes from multiple IPs.

Sansec spotted attacks coming from the following IPs:

  • 34.227.25.4
  • 44.212.43.34
  • 54.205.171.35
  • 155.117.84.134
  • 159.89.12.166

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2025-54236)