// #php

2 articles

CVE-2026-45247 in the Mirasvit Full Page Cache Warmer illustrates a structural security problem in the Magento ecosystem: eCommerce site security is determined not just by the core platform version, but by every third-party extension installed. This guide covers how to assess and reduce the Magento extension attack surface.

Jun 4, 2026 #magento +7

💻 AppSec

DPRK's Contagious Interview Campaign Spreads 1,700+ Malicious Packages Across Five Ecosystems

North Korea's UNC1069 (BlueNoroff) threat group has expanded its Contagious Interview supply chain operation to five package registries — npm, PyPI, Go Modules, crates.io, and Packagist — publishing more than 1,700 malicious packages that deliver a cross-platform infostealer and RAT. The operation is the largest coordinated open-source supply chain attack attributed to a nation-state actor.

Apr 10, 2026 #north-korea +13

Magento Extension Supply Chain Risk: CVE-2026-45247 and the Third-Party Plugin Attack Surface

DPRK's Contagious Interview Campaign Spreads 1,700+ Malicious Packages Across Five Ecosystems