Safety Net

Hackers are exploiting a vulnerability in lots of e-commerce sites

Magento and Adobe Commerce sites are affected, but a fix is in the works.
 By 
Alex Perry
 on 
Fish-eye lens view of a computer screen with hacking stuff on it
This is definitely what hacking looks like. Credit: Bill Hinton / Getty Images

Hackers have found their way into a large number of internet e-commerce sites.

This latest cybersecurity threat targets web stores running on the Magento or Adobe Commerce platforms, according to BleepingComputer, which cited the security firm Sansec as first publicizing the exploit. That was just over a week ago, and since Sansec exposed the vulnerability, known as PolyShell, the firm claimed that 56 percent of vulnerable stores have been experienced attacks.

You can check out Sansec's analysis for the full technical details of what's going on, but in the simplest terms possible, it seems hackers have managed to insert a credit card skimmer into the API for Magento, an open-source e-commerce platform acquired by Adobe several years ago. Sansec says it spotted the attack being used on an unnamed "major car manufacturer."


You May Also Like

We have contacted Adobe for comment and will update this story if they respond.

Adobe has released a fix for this in the beta branch of its software, but that doesn't help the presumably vast majority of sites running the non-beta version of the software. Until the fix goes public, this will be an issue for any site running Magento or Adobe Commerce.

Topics Cybersecurity

journalist alex perry looking at a smartphone
Alex Perry
Tech Reporter

Alex Perry is a tech reporter at Mashable who primarily covers video games and consumer tech. Alex has spent most of the last decade reviewing games, smartphones, headphones, and laptops, and he doesn’t plan on stopping anytime soon. He is also a Pisces, a cat lover, and a Kansas City sports fan. Alex can be found on Bluesky at yelix.bsky.social.

Mashable Potato

More from Safety Net

The 6 biggest cybersecurity breaches of 2026 so far
Hand on keyboard


Apple fixes a Beats Studio Buds flaw that could let hackers listen to conversations
By Phil Clark
A case for Beats Studio Buds.

Reddit ads pose as news stories to promote AI investment scams
Reddit logo appears on a smartphone screen

Recommended For You
This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data
Microsoft Copilot mobile app

3 hookup sites that have never been part of a data breach
By Jack Dawes
Blanked out words

Hackers say that Meta AI helped them compromise big Instagram accounts
Instagram logo on smartphone

Polymarket: Hackers stole users' funds
A large computer screen and a phone screen display the Polymarket logo. A small laptop shows a live market feed.

AI's ability to find major software bugs is growing 490% year on year
The visual for Project Glasswing is displayed on a smartphone screen placed on a reflective surface onto which a Claude logo with hexagonal patterns is projected

Trending on Mashable
NYT Connections hints today: Clues, answers for July 13, 2026
Connections game on a smartphone

Wordle today: Answer, hints for July 13, 2026
Wordle game on a smartphone

The new Jackery FridgeGuard can keep your fridge cooling for up to 15 hours: Where to buy after launch
the Jackery FridgeGuard on top of a refrigerator in a kitchen

NYT Strands hints, answers for July 13, 2026
A game being played on a smartphone.

NYT Connections hints today: Clues, answers for July 12, 2026
Connections game on a smartphone
The biggest stories of the day delivered to your inbox.
These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up. See you at your inbox!