Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016.

A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

Researchers say attackers are embedding malicious code in poorly configured Magento sites that hides stolen payment card data in images.

Researchers estimate thousands of ecommerce sites are under attack by a single threat actor that has infected servers with a web-based keylogger.

New ransomware called KimcilWare is targeting websites running the Magento ecommerce platform, used by the likes of Vizio, Olympus and Nike. According to security experts from the MalwareHunterTeam, hackers exploit vulnerabilities in the Magento ecommerce platform and install the KimcilWare ransomware on the webserver. Once installed, attackers use Rijndael block ciphers to encrypt website files and demanding...

Magento patched 20 vulnerabilities last week, including a stored cross-site scripting (XSS) flaw in the e-commerce platform that could have let an attacker take over a site and create new admin accounts. Researchers at Sucuri dug up the XSS vulnerability while combing through research audits last November. It took a while for Magento to get back to...