Tag: adobe
-
Hotfix for e-commerce platform – Cyber attackers can take over Adobe sessions
Tags: adobe
First seen on security-insider.de Jump to article: www.security-insider.de/adobe-commerce-plattform-hotfix-sicherheitsluecke-a-5eeda133a8337bde530db369d563b883/
-
Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts
Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. The vulnerability is an improper input validation flaw. “The bug, dubbed…
-
Adobe Commerce and Magento users: Patch critical SessionReaper flaw now
app/etc/env.php and injecting malicious JavaScript via the REST API to harvest customer data. Adobe stated in its advisory that no active exploitation of SessionReaper has been observed so far. However, given the history of Magento and Adobe Commerce vulnerabilities, this could change quickly. “SessionReaper is among the most severe Magento vulnerabilities to date, comparable to Shoplift (2015),…
-
Adobe Releases Emergency Patch for Critical Flaw in Commerce and Magento
The vulnerability, dubbed SessionReaper, allows customer account takeover and unauthenticated remote code execution. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/adobes-emergency-patch-commerce/
-
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/microsoft-adobe-sap-deliver-critical-fixes-for-september-2025-patch-tuesday/
-
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input…
-
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of “the most severe” flaws in the history of the product. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/
-
SessionReaper Vulnerability Puts Magento Adobe Commerce Sites in Hacker Crosshairs
Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data theft, and fraudulent orders without requiring valid session tokens. Adobe will release an emergency fix…
-
Colombian Malware Exploits SWF and SVG to Evade Detection
A sophisticated malware campaign targeting Colombian institutions through an unexpected vector: weaponized SWF and SVG files that successfully evade traditional antivirus detection. The discovery emerged through VirusTotal’s newly enhanced Code Insight platform, which added support for analyzing these vector-based file formats just as attackers began exploiting them to impersonate the Colombian justice system. Despite Adobe…
-
PoC Exploit and Technical Analysis Published for Apple 0-Day RCE Vulnerability
A critical zero-click remote code execution vulnerability in Apple’s iOS has been disclosed with a working proof-of-concept exploit, marking another significant security flaw in the company’s image processing capabilities. The vulnerability, tracked as CVE-2025-43300, affects Apple’s implementation of JPEG Lossless Decompression code used within Adobe’s DNG (Digital Negative) file format processing. The Vulnerability Details Security researcher b1n4r1b01 has…
-
OAuth apps abused for M365 phishing
Fake OAuth apps open up new ways for attackers to hijack Microsoft accounts. Threat actors have found a new, clever way to compromise Microsoft 365 accounts. As Proofpoint has found, they are increasingly creating fake OAuth applications that imitate trusted brands such as SharePoint and DocuSign. The “originals” of these apps use Microsoft's identity platform (Azure AD / Entra ID) to access data from…
-
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign,” Proofpoint said in a Thursday report. The First seen on thehackernews.com Jump to…
-
Threat Actors Impersonate Microsoft OAuth Apps to Steal Login Credentials
Tags: adobe, authentication, credentials, cyber, login, malicious, microsoft, phishing, theft, threat
Threat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since early 2025, identifying over 50 impersonated applications, including those mimicking RingCentral, SharePoint, Adobe, and DocuSign. These malicious OAuth apps serve as initial lures,…
-
Asus and Adobe vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/asus-and-adobe-vulnerabilities/
-
July 2025 Patch Tuesday forecast: Take a break from the grind
There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/07/july-2025-patch-tuesday-forecast/
-
Adobe is the brand most frequently imitated by cybercriminals in Europe
Netskope Threat Labs has published its new . The report reveals that phishing has become attackers' preferred method for bypassing security controls and gaining access to sensitive environments in Europe. The researchers at the security and networking company report that Adobe is the brand most frequently imitated by cybercriminals. It appears in […] First…
-
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/11/microsoft-fixes-zero-day-exploited-for-cyber-espionage-cve-2025-33053/
-
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM…
-
Adobe and Microsoft are the most popular brands for cloud phishing
The Research Report EUROPA from Netskope Threat Labs reveals that phishing has become attackers' preferred method for bypassing security controls and gaining access to sensitive environments in Europe. The researchers at the security and networking company report that Adobe is the brand most frequently imitated by cybercriminals. It appears in almost one…
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
Severe Adobe Illustrator Flaw Allows Remote Code Execution
Adobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score…
-
Adobe and DocuSign impersonation attacks – New phishing campaigns abuse OAuth apps
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriffe-oauth-umleitungsmechanismen-datendiebstahl-a-67ad0bcf70b4ce0ce1a2e730785b18d5/

