Undisclosed Korean financial institutions
November 25, 2025
•[ ransomware, supply-chain attack, data leak ]
Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
Multiple Magento e-commerce stores
April 10, 2025
•[ supply-chain attack, e-commerce, data leak ]
Between 500 and 1,000 online stores using third-party Magento extensions were compromised in a supply-chain attack that inserted backdoors allowing remote code execution and possible payment-data theft; incident discovered in April 2025.
Multiple e-commerce stores using Magento extensions
April 1, 2025
•[ supply-chain attack, malware, webshell ]
Supply-chain compromise of 21 Magento extensions backdoored since 2019, activated in April 2025; between 5001,000 e-stores impacted; at least one webshell observed.
