Originally reported by Security Affairs, Palo Alto Unit 42
TL;DR
Security researchers disclosed the PolyShell vulnerability affecting Magento and Adobe Commerce platforms, enabling unauthenticated file uploads. Concurrent mass exploitation campaigns have compromised over 7,500 Magento sites since February, while threat actors increasingly leverage AI agents for sophisticated retail fraud operations.
The PolyShell vulnerability enables unauthenticated file upload attacks against Magento/Adobe Commerce platforms, coupled with active mass exploitation campaigns affecting over 7,500 sites. This represents significant risk to e-commerce infrastructure with confirmed widespread exploitation.
The e-commerce security landscape faces mounting pressure as researchers uncover critical vulnerabilities in widely-deployed platforms while threat actors adapt AI technologies for sophisticated fraud campaigns.
Sansec researchers disclosed a critical vulnerability in the Magento and Adobe Commerce REST API, designated PolyShell, that permits unauthenticated attackers to upload executable files to vulnerable systems. The flaw affects versions up to 2.4.9-alpha2 and creates additional cross-site scripting (XSS) exposure in legacy deployments.
The vulnerability bypasses authentication mechanisms entirely, enabling remote code execution through malicious file uploads. Given Magento's extensive deployment across e-commerce infrastructure, the attack surface encompasses thousands of online retail platforms processing sensitive customer data and financial transactions.
Adobe has not yet issued patches for affected versions, leaving organizations dependent on workarounds and access controls to mitigate exposure until official remediation becomes available.
Netcraft documented a coordinated defacement campaign that compromised over 7,500 Magento installations since February 27. Attackers deployed plaintext defacement files across more than 15,000 hostnames, directly accessing affected infrastructure to modify site content.
The campaign targeted diverse sectors including e-commerce platforms, global brands, and government services. Analysis suggests primarily opportunistic attacks exploiting known vulnerabilities rather than sophisticated nation-state operations, though the scale indicates coordinated tooling and infrastructure.
The timing correlation between the PolyShell disclosure and ongoing mass compromises suggests potential exploitation of the newly-identified attack vector, though researchers have not confirmed direct linkage between the vulnerability and active campaigns.
Navia Benefit Solutions disclosed unauthorized access affecting 2,697,540 individuals following detection of suspicious activity on January 23, 2026. Investigation revealed attackers maintained persistent access to company systems from December 2025 through January 2026.
The healthcare benefits provider processes sensitive personal and medical information for employer-sponsored benefit programs. Exposed data potentially includes personally identifiable information, healthcare records, and financial details associated with benefit claims and administration.
Navia initiated standard breach response procedures including forensic investigation, system hardening, and regulatory notifications. The extended access period suggests sophisticated attackers capable of maintaining stealth within enterprise environments for extended durations.
Unit 42 researchers documented emerging threat patterns involving AI agents deployed for automated retail fraud operations. Malicious actors leverage agentic AI systems to conduct sophisticated shopping behavior mimicry, bypassing traditional fraud detection mechanisms through human-like interaction patterns.
The research identifies prompt injection techniques specifically designed to manipulate AI shopping assistants and autonomous purchasing systems. Threat actors craft specialized commands that cause legitimate AI agents to execute unauthorized transactions or exfiltrate sensitive customer data.
As retailers increasingly deploy AI-powered customer service and transaction processing systems, the attack surface expands to include prompt manipulation, model poisoning, and automated social engineering campaigns. Traditional fraud detection systems require adaptation to identify AI-generated attack patterns that closely mirror legitimate user behavior.
Originally reported by Security Affairs, Palo Alto Unit 42