🎙️ Premiere! Florian Sydekum and I are launching our new podcast: Commerce Champions.
We talk about Adobe Commerce, Magento Open Source and everything around them.
RSS Feed URL:
I just released the first update of the year for n98-magerun2. Version 9.2.1 is out now!
This release includes: ✨ A handy new feature 🐛 Three bugfixes
Update your tools and check the release notes here: https://magerun.net/release-9-2-0/
Next generation ...
Stay tuned!
Rather than buying useless junk today, how about sponsoring your favorite open source projects?
(Or me at https://github.com/sponsors/JosephLeedy.)
The 53rd Magento Stammtisch Rhein-Main is behind us. 👋
Nothing can replace meeting in person, especially when it comes to technical deep dives and exchanging views on the ecosystem. Thanks to everyone who was there!
If you want to know what was discussed and what my conclusion is, you can find my latest blog post about it here:
📝 https://muench.dev/post/2025-11-rueckblick-auf-den-53-magento-stammtisch-rhein-main
Attackers target critical vulnerability in #AdobeCommerce and #Magento | Security https://www.heise.de/news/Angreifer-attackieren-kritische-Luecke-in-Adobe-Commerce-und-Magento-10845752.html #SessionReaper #Adobe #AdobeMagento #Patchday
Today’s fun project was figuring out how tax calculation in #Magento works. After spelunking in the core code all day, I think I put something together that might work. I’ll know tomorrow after I write some integration tests for my logic. 🤞🏽
🚨 CRITICAL: CVE-2025-54236 'SessionReaper' in Adobe Commerce lets remote attackers hijack user sessions without authentication. No active exploits, but EU e-commerce at risk. Enforce strict session controls, monitor activity, prep for patch. https://radar.offseq.com/threat/fear-the-sessionreaper-adobe-commerce-flaw-under-a-4ca43c60 #OffSeq #AdobeCommerce #vuln
🔥 SessionReaper (CVE-2025-54236) exploited in wild! 250+ Magento stores hit via Adobe Commerce REST API flaw—unauth RCE, webshells, account takeover. 62% still unpatched. Patch ASAP, audit uploads, monitor logs. https://radar.offseq.com/threat/over-250-magento-stores-hit-overnight-as-hackers-e-c68791e2 #OffSeq #Magento #AdobeCommerce #Infosec
A dangerous flaw in Adobe Commerce lets hackers hijack customer sessions with zero effort—and 60% of Magento stores are still unpatched. Is your business vulnerable?
#sessionreaper
#adobecommerce
#magento
#cve202554236
#ecommercesecurity
Magento Managed Services for the world's No. 1 cookie brand
Empowering the world’s No.1 cookie brand with 24/7 Magento Managed Services to ensure peak performance, security, and seamless customer experiences.
Watch here: https://go.screenpal.com/watch/cT6b6Rnbxwj
#Magento #ManagedServices #AdobeCommerce #eCommerceSupport #Ziffity
Exploring SEO Friendliness: Is Adobe Commerce Magento CMS SEO Friendly? - https://www.maxsdigitindia.com/is-adobe-commerce-magento-seo-friendly/
Adobe Commerce is SEO-friendly by design, but it’s not “plug-and-play perfect.” Success depends on technical configuration, hosting performance, and ongoing optimization. With proper setup and maintenance, it can support high-ranking, traffic-driving e-commerce sites.
#AdobeCommerce #magento #SEO #searchengineoptimization #mumbai #india #asiaPacific
Discover how we helped a leading cannabis brand migrate seamlessly to Adobe Commerce, boosting performance, scalability, and customer experience.
Learn more: https://go.screenpal.com/watch/cT6DlYnbuGN
#AdobeCommerce #eCommerceMigration #CaseStudy #Ziffity #DigitalTransformation #CannabisIndustry
Version 1.3.0 of Custom Fees for Magento 2 is now available! 🎉
New features include:
✅ Invoiced fees are now tracked for reporting
✅ Support for full or partial fee refunds
✅ The Ordered Fees Report now includes the invoiced and refunded fee amounts
✅ Fees can now be disabled or enabled as needed
https://github.com/JosephLeedy/magento2-module-custom-fees/releases/tag/1.3.0
Like what you see? Give the extension a star on GitHub and help support development by becoming a sponsor!
🚨 Critical Magento & Adobe Commerce Flaw (CVE-2025-54236 – SessionReaper) 🚨
Impact: Customer account takeover + unauthenticated remote code execution (CVSS 9.1 Critical).
👉 Full details and action steps: https://hostvix.com/sessionreaper-critical-magento-adobe-commerce-vulnerability-cve-2025-54236/
#Magento #AdobeCommerce #SessionReaper #CVE202554236 #CVE #Infosec #CyberSecurity #AppSec #WebSecurity #SecOps #BlueTeam #RedTeam #ThreatIntel #Vulnerability #PatchNow #ZeroDay #Exploit #EcommerceSecurity #DataSecurity #SecurityUpdate
⚠️ If you administer an e-commerce site (or know that yours runs) on Magento / Adobe Commerce: NOW is the time to update it
A critical vulnerability dubbed SessionReaper (CVE-2025-54236) has been made public. It allows an attacker, without any authentication, to take control of an online store, access customer accounts… and in some cases execute code remotely on the server.
👉 In plain terms: significant risk of payment data theft, mass compromise of stores, malware deployment.
Adobe has published an emergency out-of-band patch
👇
https://helpx.adobe.com/security/products/magento/apsb25-88.html
⬇️
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397
According to the specialist firm Sansec:
"It does not help that the Adobe patch was accidentally leaked last week, so it is possible that malicious actors are already working on exploit code."
(https://sansec.io/research/sessionreaper)
Who is affected?
Adobe Commerce (all deployments): 2.4.9-alpha2 and all earlier versions, down to and including 2.4.4-p15
Magento Open Source: same affected versions
Adobe Commerce B2B: 1.5.3-alpha2 and earlier, down to and including 1.3.3-p15
Custom Attributes Serializable module: 0.1.0 → 0.4.0
What to do?
Apply the patch as soon as possible 👉 Adobe APSB25-88
Test your customizations: this fix disables certain internal functions, so some third-party modules may break
If you cannot patch within the next few hours → enable a WAF (Fastly or Sansec Shield). Adobe has already pushed new WAF rules on the Cloud side.
⚡ History shows that Magento vulnerabilities of this kind (Shoplift 2015, TrojanOrder 2022, CosmicSting 2024…) are exploited (en masse) very quickly and repeatedly.
( https://vulnerability.circl.lu/vuln/CVE-2025-54236 )
#Magento #CyberVeille #AdobeCommerce #Cyberveille #CVE_2025_54236
Adobe Commerce is under threat—a new flaw, SessionReaper, lets hackers hijack live sessions like an open front door. Learn why immediate patching is crucial to keep your eCommerce safe.
#sessionreaper
#adobecommerce
#magento
#cybersecurity
#vulnerability
Mage-OS 1.3.1 has just been released with this patch included.
https://mage-os.org/releases/mage-os-1-3-1-is-out/
#AdobeCommerce #Magento #MageOS #Infosec #Security #SessionReaper
Additional information from Sansec, who has nicknamed this vulnerability "SessionReaper":
https://sansec.io/research/sessionreaper
#AdobeCommerce #Magento #MageOS #Infosec #Security #SessionReaper
🚨 A critical security patch was just released by Adobe for all Magento Open Source and Adobe Commerce versions lower than 2.4.9-alpha2! This hotfix patches a hole in the Web API processor that could allow a malicious actor to compromise and take over customer accounts using a specially crafted REST API request.
Don't delay—apply this patch before it's too late!
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397