Mirasvit A.I CyberSecurity Scoring
Mirasvit
Company Information
Website: https://mirasvit.com
Employees number: 21
Number of followers: 868
NAICS: 5415
Industry Type: IT Services and IT Consulting
Homepage: mirasvit.com
Mirasvit Risk Score (AI oriented)
Between 700 and 749
Updated: 08/06/2026
746/1000
Moderate
Ba
2 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
746
MAY 2026
746
APRIL 2026
750
Vulnerability
24 Apr 2026 • Mirasvit
Adobe Commerce and Mirasvit: Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks
Critical Magento Extension Vulnerability Exposes Thousands of Stores to RCE Attacks
745
CRITICAL-5
ADOMIR1780324139
A severe security flaw in the Mirasvit Cache Warmer plugin for Magento and Adobe Commerce is leaving thousands of online stores vulnerable to remote code execution (RCE) attacks. Tracked as CVE-2026-45247 with a CVSS score of 9.8, the vulnerability allows unauthenticated attackers to execute arbitrary code on affected servers by exploiting improper input handling in the plugin’s caching mechanism.
The flaw stems from the plugin’s use of PHP’s `unserialize()` function on user-controlled CacheWarmer cookies, enabling PHP object injection (CWE-502). Since the plugin does not restrict class instantiation during deserialization, attackers can craft malicious payloads to escalate the attack into full RCE, particularly when combined with existing gadget chains in Magento or its dependencies.
Key Details:
- Affected Software: Mirasvit Cache Warmer (all versions prior to 1.11.12).
- Discovery & Disclosure: Identified by Sansec on April 24, 2026, with Mirasvit notified on May 21 and a patch (v1.11.12) released on May 25.
- Scope: Sansec estimates at least 6,000 Magento stores are running vulnerable versions, though the actual number may be higher due to CDN masking.
- Exploitation Footprint: Malicious requests contain a CacheWarmer cookie with base64-encoded serialized data, often starting with prefixes like Tz, Qz, or YT.
Impact & Response:
The vulnerability is easily exploitable at scale, with no authentication required. Sansec’s Shield protection blocked attacks for its customers as early as April 24. While Mirasvit has released a patch, security experts warn that exploitation activity is expected to rise following public disclosure.
Administrators are advised to upgrade to v1.11.12 immediately or deploy a web application firewall (WAF) as a temporary mitigation. Compromise assessments, including scans for webshells and unauthorized PHP files in the pub/ directory, are recommended to detect potential breaches.
MARCH 2026
750
FEBRUARY 2026
750
JANUARY 2026
750
DECEMBER 2025
750
NOVEMBER 2025
750
OCTOBER 2025
750
SEPTEMBER 2025
750
AUGUST 2025
749
JULY 2025
749
JANUARY 2024
750
Vulnerability
01 Jan 2024 • Mirasvit
Google, SolarWinds, Linux, Mirasvit, Cisco and Zcash: DentaQuest Breach: ShinyHunters - Security Affairs
Cybersecurity Roundup: Critical Flaws, Espionage Campaigns, and Major Breaches
745
CRITICAL-5
ZCAMIRGOOSOLCISTHE1780914449
Recent weeks have seen a surge in high-profile cybersecurity incidents, from long-standing vulnerabilities to sophisticated espionage operations and large-scale data breaches.
Critical Vulnerabilities Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple flaws to its Known Exploited Vulnerabilities (KEV) catalog, including:
- A Mirasvit Full Page Cache Warmer flaw, now actively exploited.
- Android and Linux Kernel vulnerabilities, posing risks to mobile and enterprise systems.
- A SolarWinds Serv-U flaw, adding to the company’s history of supply chain attacks.
- A Cisco Unified Communications Manager (CM) bug, with public exploit code now available, heightening urgency for patches.
In a separate discovery, researchers identified a four-year-old vulnerability in Zcash’s privacy layer, raising concerns about potential undetected exploitation. Meanwhile, a new VS Code zero-day was publicly disclosed after a researcher lost confidence in Microsoft’s vulnerability handling process.
Espionage and Targeted Attacks
- Gamaredon, a Russian-linked threat group, exploited a WinRAR vulnerability in a modular spy campaign targeting Ukrainian entities.
- A cyber espionage operation breached a stock exchange executive’s Outlook account, underscoring the risks of high-value phishing.
- Russia’s FSB reported that foreign intelligence services infected officials’ phones with malware, highlighting state-sponsored surveillance threats.
- The Silent Ransom Group (SRG) shifted to DNS fast flux infrastructure, complicating detection and attribution.
Data Breaches and Botnet Threats
- ShinyHunters leaked data from DentaQuest, exposing 2.6 million individuals after a breach.
- A Meta AI recovery tool flaw compromised over 20,000 Instagram accounts, demonstrating risks in authentication systems.
- The IoT botnet C0XMO evolved to include competitor-killing capabilities, enabling attacks on rival botnets.
Law Enforcement Actions
Authorities dismantled nine crime groups linked to illegal streaming, resulting in 29 arrests and disrupting a major piracy ecosystem. Separately, researchers uncovered PCPJack, a 230-node cloud email relay network used for malicious campaigns.
These developments reflect the escalating complexity of cyber threats, from zero-days and state-backed espionage to large-scale data leaks and botnet warfare.