📄 Magento 2 / Adobe Commerce 2.4.x SessionReaper

This PHP script is a proof of concept exploit targeting Magento for CVE‑2025‑54236, commonly referred to as SessionReaper. It is a PHP port of an original Metasploit module and is designed for security testing...

Magento SessionReaper

This module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execution. The vulnerability stems from improper handling of nested deserialization in the payment method context, combined with an unauthenticated file...

A week in security (October 20 – October 26)

Last week on Malwarebytes Labs: Is AI moving faster than its safety net? Thousands of online stores at risk as SessionReaper attacks spread Apple may have to open its walled garden to outside app stores Meta boosts scam protection on WhatsApp and Messenger Home Depot Halloween phish gives users a...

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in...