![1ZRR4H's tweet photo. Server with #opendir 213.109.147[.]108:4242 (now disabled) had an exploit for #CosmicSting (aka CVE-2024-34102), an Unauthorized XXE that combined with CVE-2024-2961 allows RCE in Magento and Adobe Commerce stores.
On the server there was a TXT file with about 3900 vulnerable/compromised domains. Expected database theft, malicious script injection and/or malware distribution among other things.
More info about this threat by @sansecio : https://t.co/ZuTXm1PegE](https://pbs.twimg.com/media/GXAFevZWUAA5vDH.png)
Olivia
Online
Sansec
@sansecio
Experts in ecommerce security. Helping merchants in times of peril. Tracking large scale digital skimming since 2015. PGP key 9D0D094CD2C7E669
Amsterdam
Joined February 2019
16 Following
1.7K Followers
439 Posts
Critical FunnelKit vulnerability threatens 40,000+ WooCommerce checkouts. We're already seeing exploitation in the wild.
https://t.co/0StWJ9m6pf
🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.
Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.
PoC is public. Patch now.
Details → https://t.co/cNYlLIs9xA
Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) - https://t.co/RNArR1SEk4 - @Adobe @assetnote @SLCyberSec @sansecio #Ecommerce #Vulnerability #Cybersecurity #CybersecurityNews
🚨 SessionReaper (CVE-2025-54236) is now actively exploited while 62% of Adobe Commerce/Magento stores remain unpatched. We expect automated mass attacks within 48 hours. https://t.co/Po4qMTgAb6
Exceptionnally back on X for that. If you are a Magento or Adobe Commerce user, patch as soon as possible - the patch of my bug will be released imminently.
This has one of the most severe impact possible, and is easy to trigger. Expect attacks, very soon.
#magento #ecommerce
Urgent: Adobe will drop critical patch tomorrow, outside of regular patch cycle. Fixes SessionReaper attack, affects Adobe Commerce / Magento 2.3.1+. Concept patch accidentally leaked.
https://t.co/Yh8yL4e3s5
3000 stores just got hit with the "statepulseapp[.]com" skimmer, injected by Group Laski. Sansec is the only vendor that recognises it:
https://t.co/0ig9zQ79Qa
![sansecio's tweet photo. 3000 stores just got hit with the "statepulseapp[.]com" skimmer, injected by Group Laski. Sansec is the only vendor that recognises it:
https://t.co/0ig9zQ79Qa https://t.co/rPjxdChtAu](https://pbs.twimg.com/media/GcQtUWEXkAAkk1f.jpg)
Just published a new @integer_net module: Sansec Watch integration for Magento 2
https://t.co/QwbNgqSRLF
Our research was covered by @lorenzofb of @TechCrunch @ https://t.co/hhCqXTSOTD
Our whole investigation started after @sansecio & @gwillem reported on the polyfill[.]io supply chain compromise. A company called "FUNNULL" out of China were behind it. But wait, we know them?? 👀
😬 More than 2000 Magento stores hacked by Peschanki group in the last 20 hours and they're not slowing down.
☞ largest automated hack of Magento stores ever
☞ 6.8% of all Adobe Commerce / Magento stores worldwide hacked via CosmicSting exploit
Beware: Group Peschanki hacks over 350 new stores in the last 5 hours #cosmicsting #magento
https://t.co/TqR6ng34d0
🚨 The number of hacked stores in this campaign surpassed 1,000 overnight, with no sign of slowing down.
Beware: Group Peschanki hacks over 350 new stores in the last 5 hours #cosmicsting #magento
https://t.co/TqR6ng34d0
Beware: Group Peschanki hacks over 350 new stores in the last 5 hours #cosmicsting #magento
https://t.co/TqR6ng34d0
Say hi to Laski, the 8th CosmicSting attack group, using fake maintenance pages on deslgnhq[.]com and others.
Fun fact: their infra went down several times, likely because they couldn't keep up with the high traffic hijacked stores.
IOCs here https://t.co/6V0946nzRy
![sansecio's tweet photo. Say hi to Laski, the 8th CosmicSting attack group, using fake maintenance pages on deslgnhq[.]com and others.
Fun fact: their infra went down several times, likely because they couldn't keep up with the high traffic hijacked stores.
IOCs here https://t.co/6V0946nzRy https://t.co/iYpkpBAfl7](https://pbs.twimg.com/media/GZNFxF9WAAAG4h8.jpg)
Solid activity in our threat intel repo. Still no match for the incredible @500mk500 though, that guy is killing it
Sansec is proud sponsor of Ecommerce Camp Birmingham at Oct 24th!
https://t.co/hqE64hEYT8
Server with #opendir 213.109.147[.]108:4242 (now disabled) had an exploit for #CosmicSting (aka CVE-2024-34102), an Unauthorized XXE that combined with CVE-2024-2961 allows RCE in Magento and Adobe Commerce stores.
On the server there was a TXT file with about 3900 vulnerable/compromised domains. Expected database theft, malicious script injection and/or malware distribution among other things.
More info about this threat by @sansecio : https://t.co/ZuTXm1PegE
![1ZRR4H's tweet photo. Server with #opendir 213.109.147[.]108:4242 (now disabled) had an exploit for #CosmicSting (aka CVE-2024-34102), an Unauthorized XXE that combined with CVE-2024-2961 allows RCE in Magento and Adobe Commerce stores.
On the server there was a TXT file with about 3900 vulnerable/compromised domains. Expected database theft, malicious script injection and/or malware distribution among other things.
More info about this threat by @sansecio : https://t.co/ZuTXm1PegE](https://pbs.twimg.com/media/GXAFh4TW8AAJVNS.jpg)
Magento patch day! https://t.co/D68X4ktB6z with a RCE by me, start updating guys!
@Furan917 Thanks Francis 🙌 we have updated the article.
🚨 CosmicSting attacks have started hitting major stores, with 3 to 5 stores being hacked every hour. Merchants might still be at risk despite patching. We cover some additional mitigation steps 👉
https://t.co/kt9jFyfyMt
Last Seen Users on Sotwe
Turbanlim
Seen from Turkey
ชอบสาวแก่ รุ่นแม่ยาย
Seen from Thailand
سالب ناعم ابيض
Seen from Algeria
gabaxe 
Seen from Chile
Guatemala
Seen from Guatemala
ensestpasif
Seen from Poland
M 🔞🔥
Seen from United Kingdom
Chapin502.
Seen from United States
TEY SELLER
Seen from Brazil
الحلوة 💋 - لعروض التعاون و ترويج التطبيقات💸
Seen from Saudi Arabia
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.3M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers