Security Center

Get the latest patches, security updates, and best practices for your Magento sites



Apr 28, 2020

Magento is making Content Security Policy (CSP) available for Magento Open Source and Commerce v2.3.5-p1. The release of Magento 2.3.5-p1 marks the first phase of our implementation and makes CSP available in report-only mode by default.

Sep 13, 2019

On September 3, the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an alert about multiple vulnerabilities that could allow arbitrary code execution, along with a recommendation that all sites using PHP update to the latest PHP version ASAP. Read on for impacts and steps for Magento Commerce sites.

Apr 10, 2019

We are aware of reports that phishing attempts are impersonating Magento and are being used for targeted attacks. This misleading phishing email encourages users to click on a link that indicates all users are required to register for an alert platform. Please review this blog for more information.

Mar 8, 2019

A critical vulnerability exists in the Magestore Store Locator extension version 1.0.2 (and earlier versions) that could result in unauthorized access to sensitive information. Magento urges customers running this extension to disable it immediately or block requests. Read more.

Feb 4, 2019

To better align and help enhance the program, Magento consolidated their Bug Bounty Program with the Adobe program under one umbrella. New changes and opportunities are coming for bug reporters.

Jan 24, 2019

Maintainers of the PHP Extension and Application Repository (PEAR) have disclosed a breach that resulted in the compromise of the go-pear.phar executable used to install the PEAR installer package manager v1.10.9.

Jan 7, 2019

Phishing Alert: Do not open email with fake security update. Customers who receive one of these emails should delete it immediately without downloading attachments or following hyperlinks that may be included in the message. Read More.

Jul 18, 2018

Magento is making Google reCAPTCHA and Two-Factor Authentication (2FA) functionality available for Magento Open Source, Commerce, and Commerce (Cloud) v2.1 and v2.2. These features provide enhanced access security.

Apr 24, 2017

Hackers impersonating Magento Commerce have sent an email that contains malware to merchants and agencies using our products. 

Jan 13, 2017

Merchants should check their mail sending settings to protect against a Zend Framework 1 vulnerability.