Security Center

Get the latest patches, security updates, and best practices for your Magento sites

New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

See the Details

NEW! Magento Security Scan Tool

Monitor your sites for security risks, update malware patches, and detect unauthorized access with Magento Security Scan, the latest FREE tool from Magento Commerce.

Go to Security Scan

< Security Center

Filter by topic

Tagged:

News

News
Critical Vulnerability in Magestore Store Locator extension
Mar 8, 2019

A critical vulnerability exists in the Magestore Store Locator extension version 1.0.2 (and earlier versions) that could result in unauthorized access to sensitive information. Magento urges customers running this extension to immediately disable this extension or block requests. Read more. 

News
News and updates - Enhanced Bug Bounty Program!
Feb 4, 2019

To better align and help enhance the program, Magento consolidated their Bug Bounty Program with the Adobe program under one umbrella. New changes and opportunities are coming for bug reporters.

News
PEAR Package Manager Compromise
Jan 24, 2019

Maintainers of the PHP Extension and Application Repository (PEAR) have disclosed a breach that resulted in the compromise of the go-pear.phar executable used to install the PEAR installer package manager v1.10.9.

News
Phishing Alert: Do not open email with fake security update
Jan 7, 2019

Phishing Alert: Do not open email with fake security update. Customers who receive one of these emails should delete it immediately without downloading attachments or following hyperlinks that may be included in the message. Read More.

News
Improved Security with reCAPTCHA and Two-Factor Authentication
Jul 18, 2018

Magento is making Google reCAPTCHA and Two-Factor Authentication (2FA) functionality available for Magento Open Source, Commerce, and Commerce (Cloud) v2.1 and v2.2. These features provide enhanced access security.

News
Malware alert: Do not open email with fake patch SUPEE-9789
Apr 24, 2017

Hackers impersonating Magento Commerce have sent an email that contains malware to merchants and agencies using our products. 

News
New Zend Framework 1 Security Vulnerability
Jan 13, 2017

Merchants should check their mail sending settings to protect against a Zend Framework 1 vulnerability.

News
PayPal Security Updates
May 11, 2016

First deadline is approaching for compliance with PayPal security updates.

News
Important New Malware Issue
Mar 16, 2016

A newly-identified malware appears to capture checkout information, including credit card data, from infected sites

News
DROWN Impacts Servers Supporting SSLv2
Mar 3, 2016

A new vulnerability has been identified for servers using SSL and TLS.