At least one undisclosed e-commerce site (running Adobe Commerce / Magento 2)
October 22, 2025
•[ vulnerability, account takeover, skimming ]
Observed active attempts to hijack Magento/Adobe Commerce sessions via the SessionReaper flaw weeks after patches were released, enabling account takeover, checkout abuse, and skimmer deployment on e-commerce sites. This is broad criminal monetization activity against many sites; there is no single named victim with a confirmed primary effect, so it is not recorded as a discrete event.
Multiple Magento e-commerce stores
April 10, 2025
•[ supply-chain attack, e-commerce, data leak ]
Between 500 and 1,000 online stores using third-party Magento extensions were compromised in a supply-chain attack that inserted backdoors allowing remote code execution and possible payment-data theft; incident discovered in April 2025.