Tag: commerce
41 articles

CAPI Backdoor Exclusive Risky Threat to Russian Firms
Think that invoice is harmless? Seqrite Labs found phishing ZIPs delivering a new .NET CAPI Backdoor that uses Windows crypto to hide C2 activity and is targeting Russian automotive and e‑commerce firms—so double‑check attachments and tighten defenses.

unmonitored JavaScript: Must-Have Fixes for Secure Holidays
This holiday season, tiny unmonitored JavaScript snippets are letting attackers skim cards and siphon credentials right from checkout pages while WAFs and IDS stay blind. Retailers need client‑side monitoring, script integrity checks, and tighter third‑party controls now — or risk thousands of compromised customers and shattered trust.

Digital fraud: Stunning Costly Threat to Revenue
Nearly one in every thirteen dollars disappears to digital fraud—TransUnion says it costs companies 7.7% of revenue (about $534 billion globally). That’s a hidden tax on growth, trust and margins that demands smarter defenses.

supply chain breach: Risky Harrods Alert — Must-Read
If you shopped online at Harrods, a supply‑chain breach may have exposed customer data — a reminder that even luxury brands aren’t immune when a trusted vendor is compromised. Check your accounts, enable MFA, and watch for phishing while retailers tighten vendor security and transparency.

SessionReaper: Must-Have Patch for Critical Risk
Adobe just released an emergency patch for the critical SessionReaper flaw in Magento that can let attackers hijack customer sessions or run code—if you run Magento, update immediately. After patching, review logs, lock down admin interfaces, and audit extensions to ensure you weren’t compromised.

CVE-2025-54236: Must-Fix Critical Takeover Threat
If you run Adobe Commerce or Magento Open Source, treat CVE-2025-54236 (SessionReaper) as urgent—apply the vendor patch, rotate sessions and enforce MFA now to prevent account takeover. Customers should reset passwords and monitor accounts until sites confirm fixes.

website after cyberattack: Risky Stunning Supply Outage
What do you do when the system that tells retailers what’s on the shelf goes dark? Stock in the Channel pulled its site after a cyberattack — saying customer data appear safe but providing no forensic report or timeline — leaving partners scrambling with manual checks, delayed orders and shaken trust.

fake receipt generators: Must-Have Guide to Risky Fraud
Fake receipt generators are fueling a worrying surge in online fraud by letting anyone create convincing proofs of purchase in minutes, putting buyers, sellers, and marketplaces at risk. Stay vigilant—verify sellers, use protected payments, and push for stronger platform safeguards to keep online commerce trustworthy.

Retail cybersecurity threats: Essential Best Defenses
Retailers are now prime targets for attacks on payment systems, customer data, and supply chains — this guide explains why the risk is rising and gives practical, prioritized defenses you can implement now to protect revenue, reputation, and customers.

Quantum cryptography: Stunning Simplicity, Best Defense
Quantum computing is forcing a rethink: do we chase mathematically dazzling but fragile schemes, or choose clear, well-tested algorithms that actually protect real systems? Peter Gutmann’s blunt critique of NIST’s post‑quantum work is a wake‑up call to prioritize simplicity, transparency, and deployability alongside theoretical strength.

Legal Metrology: Must-Have Guide to Best Digital Standards
As sensors, algorithms and cloud services replace needles and balances, legal metrology must modernize to keep commerce fair and consumers safe—this practical guide lays out the digital standards, tools and steps regulators, developers and businesses need for transparent, auditable measurements. Learn how to balance innovation with enforceable rules—from cryptographic attestation and continuous conformity to clear consumer verification—so technology builds trust, not confusion.

Hundreds of Malicious Domains Registered Ahead of Prime Day
Hundreds of malicious domains have been registered in anticipation of Prime Day, posing significant risks to online shoppers. Stay vigilant!

Counterfeit Alert: Fake Chinese Websites Imitate Retail Brands
Stay vigilant against counterfeit scams as fake Chinese websites mimic popular retail brands, putting your purchases and personal info at risk.

Phishing Scammers Innovate with Callback Tactics
Discover how phishing scammers are evolving with innovative callback tactics to deceive victims and bypass security measures. Stay informed, stay safe.

UNFI Recovers Core Systems Following Cyberattack on Whole Foods Supplier
UNFI restores core systems after a cyberattack impacting Whole Foods supply chain, ensuring operational stability and data security for customers.

Ransomware Attacks Decrease in May Amid Ongoing Retail Threats
Ransomware attacks dropped in May, yet retail sectors remain vulnerable to ongoing cyber threats. Stay informed on the latest security trends.

Rogue WordPress Plugin Exploits Malware Campaign to Steal Credit Card Information
Rogue WordPress plugin exploits vulnerabilities to launch a malware campaign, targeting sites to steal credit card information from unsuspecting users.

More Than 50% of Online Shopping Traffic Comes from Bots
Discover how over 50% of online shopping traffic is generated by bots, impacting e-commerce strategies and shaping the digital retail landscape.

Exploit of WordPress Motors Theme Leads to Widespread Admin Account Hijacking
Critical vulnerability in WordPress Motors Theme exposes admin accounts to hijacking, prompting urgent security measures for affected sites.

DuckDuckGo Enhances Scam Protection to Combat Fake Stores and Cryptocurrency Scams
DuckDuckGo boosts scam protection features to tackle fake stores and cryptocurrency scams, ensuring safer online browsing for users.

Paddle Settles Tech Support Scam Claims for $5 Million
Paddle agrees to a $5 million settlement over claims related to a tech support scam, addressing consumer concerns and reinforcing compliance.

Dark Links: The Rise of the Underground Hacklink Market and SEO Poisoning Attacks
Explore the underground hacklink market, a hidden realm of SEO manipulation where backlinks are bought and sold to boost website rankings.

Victoria’s Secret Reclaims Core Systems Following Cyberattack
Victoria’s Secret reclaims its core systems after a cyberattack, enhancing security and restoring seamless operations amid heightened digital threats.

Global Service Disruptions Affect Google Cloud and Cloudflare
Global service disruptions impact Google Cloud and Cloudflare, leading to widespread outages and performance issues. Stay informed on fixes.