The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.
While the company didn’t specify what kinds of potential attacks that websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.
