Retail Industry
Breach intelligence, attack campaigns, and threat reports targeting the Retail Industry sector.
Retail Industry Threat Reports
Cybercriminals Exploit Shop App in Advanced Phishing Attack - June 2026
In June 2026, threat actors exploited Shopify's order-tracking app, Shop, by inserting fraudulent purchase receipts into users' order histories. These fake receipts, impersonating brands like Norton and PayPal, included phone numbers leading to scammers posing as support agents. Victims were deceived into disclosing sensitive information or installing remote access software, facilitating unauthorized access to their devices. This method leverages the inherent trust users place in the Shop app, making the scam particularly effective. This incident underscores a significant evolution in phishing tactics, moving beyond traditional email-based schemes to infiltrate trusted applications directly. The rise of such sophisticated social engineering attacks highlights the urgent need for enhanced security measures and user vigilance within digital platforms.
13 hours ago
Scattered Spider Hackers Plead Guilty in TfL Cyberattack
In August 2024, Transport for London (TfL) suffered a significant cyberattack orchestrated by the Scattered Spider hacking group, leading to the compromise of personal data for approximately 10 million individuals and causing substantial disruptions to TfL's online services. The attack, executed through sophisticated social engineering tactics, resulted in operational challenges and financial losses for the organization. ([livemint.com](https://www.livemint.com/news/world/transport-for-london-2024-hack-around-10-million-had-their-data-stolen-says-report-11772807389186.html?utm_source=openai)) The recent guilty pleas by key members of Scattered Spider underscore the persistent threat posed by cybercriminal groups employing advanced social engineering techniques. This incident highlights the critical need for organizations, especially those managing essential services, to enhance their cybersecurity measures and remain vigilant against evolving cyber threats.
2 days ago
ShapedPlugin Supply Chain Attack: A Wake-Up Call for WordPress Security
In May 2026, ShapedPlugin, a WordPress plugin vendor, experienced a supply chain attack where malicious code was injected into their update system. This breach affected three paid plugins—Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro—leading to the installation of fake plugins that impersonated WooCommerce components. These malicious plugins stole credentials and granted attackers remote file-writing capabilities. The compromise was identified in June 2026, prompting ShapedPlugin to initiate an investigation and release updated, secure versions of the affected plugins. This incident underscores the growing trend of supply chain attacks targeting software vendors to distribute malware through legitimate update channels. It highlights the critical need for robust security measures in software development and distribution processes to prevent such breaches.
1 week ago
OptinMonster WordPress Plugin Hacked in CDN Supply-Chain Attack
In June 2026, a supply-chain attack targeted WordPress plugins OptinMonster, TrustPulse, and PushEngage, all managed by Awesome Motive. Attackers exploited a vulnerability in the UpdraftPlus plugin to access Awesome Motive's marketing server, obtaining credentials for their content delivery network (CDN). They then injected malicious JavaScript into CDN-hosted files, which, when loaded by websites using these plugins, created rogue administrator accounts and installed backdoor plugins, granting full control over the compromised sites. This incident underscores the critical need for robust security measures in third-party integrations and highlights the growing trend of supply-chain attacks targeting widely-used software components.
1 week ago
Coupang Data Breach 2025: A Wake-Up Call for E-Commerce Security
In June 2025, Coupang, South Korea's leading e-commerce platform, experienced a significant data breach that went undetected until November 2025. The breach compromised personal information of approximately 37.55 million customers, including names, email addresses, phone numbers, delivery addresses, and order histories. Investigations revealed that the breach resulted from inadequate security practices, such as poor authentication key management and insufficient access controls. This incident underscores the critical importance of robust cybersecurity measures in protecting sensitive customer data. The substantial fine imposed by South Korean authorities highlights the growing regulatory focus on data protection and the severe consequences of security lapses for organizations handling large volumes of personal information.
2 weeks ago
Critical Vulnerabilities in SAP NetWeaver and Commerce Cloud - June 2026
In June 2026, SAP released patches for 15 vulnerabilities, including four critical flaws affecting SAP NetWeaver and SAP Commerce Cloud. The most severe, CVE-2026-44748 (CVSS 9.9), is an XML Signature Wrapping vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, potentially allowing authentication bypass in SAML-based environments. Another critical issue, CVE-2026-27671 (CVSS 9.8), is a memory corruption flaw in SAP NetWeaver/ABAP Platform Application Server ABAP, exploitable without authentication via crafted RFC requests. Additionally, CVE-2026-22732 (CVSS 9.1) impacts SAP Commerce Cloud and SAP Data Hub due to a Spring Security-related vulnerability, and CVE-2026-40128 (CVSS 9.0) is a directory traversal vulnerability in SAP NetWeaver Application Server Java's Web Container. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/?utm_source=openai)) These vulnerabilities underscore the critical need for organizations to promptly apply security patches to prevent potential exploitation. The rise in sophisticated attacks targeting enterprise platforms highlights the importance of maintaining up-to-date systems and implementing robust security measures to safeguard sensitive data and ensure business continuity.
2 weeks ago
Meta AI Support Exploit Leads to Massive Instagram Account Hijack
In May 2026, attackers exploited a vulnerability in Meta's AI-powered High Touch Support (HTS) system to hijack over 20,000 Instagram accounts. The flaw allowed unauthorized individuals to request password reset links be sent to email addresses not associated with the target accounts, bypassing standard verification processes. This oversight enabled attackers to reset passwords and gain control of accounts lacking two-factor authentication (2FA). High-profile accounts, including those of former President Barack Obama and the U.S. Space Force, were among those compromised. Meta has since patched the vulnerability and is working to secure affected accounts. This incident underscores the risks associated with deploying AI-driven support systems without robust security measures. It highlights the necessity for continuous monitoring and validation of AI functionalities to prevent exploitation. Organizations are urged to implement comprehensive security protocols, including mandatory 2FA, to mitigate similar threats in the future.
2 weeks ago
Toshiba and Muji Websites Compromised by Malicious Polyfill.io Scripts
In early June 2026, Toshiba and Muji reported unauthorized login prompts appearing on their websites, potentially compromising user credentials. These prompts were linked to the external service polyfill.io, which had previously introduced malicious code in 2024. Both companies advised users who entered their credentials to change their passwords immediately. The issue has since been resolved, with the affected service suspended. This incident underscores the persistent risks associated with third-party services and the importance of regular security audits. Organizations must remain vigilant, especially when integrating external code, to prevent similar vulnerabilities.
2 weeks ago
Magecart Attack Leverages Stripe API to Steal Credit Card Data
In June 2026, a sophisticated Magecart campaign exploited Stripe's API infrastructure to host and exfiltrate stolen credit card information from e-commerce checkout pages. Attackers injected malicious JavaScript into Google Tag Manager containers, which activated on checkout pages to capture payment data. The stolen data was then obfuscated and stored within Stripe's customer records, effectively using Stripe as a storage backend for the exfiltrated information. This method allowed the skimmer to bypass traditional security measures by leveraging trusted domains like api.stripe.com. This incident underscores the evolving tactics of cybercriminals who now exploit trusted third-party services to conduct attacks, making detection and prevention more challenging. The use of legitimate platforms for malicious purposes highlights the need for continuous monitoring and advanced security measures to protect sensitive customer data.
3 weeks ago
CISA Highlights Critical Magento Vulnerability CVE-2026-45247 Amid Active Exploitation
In early June 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. This critical vulnerability, with a CVSS score of 9.8, affects Mirasvit's Full Page Cache Warmer extension for Magento 2 versions prior to 1.11.12. The flaw allows unauthenticated attackers to execute arbitrary PHP code on affected servers by sending crafted serialized PHP objects via the CacheWarmer cookie. Exploitation has been observed targeting gaming and business websites, particularly in the U.S., U.K., France, and Australia. Organizations are urged to apply the provided patches by June 6, 2026, and audit for suspicious CacheWarmer cookie values indicative of exploitation attempts. The inclusion of CVE-2026-45247 in the KEV catalog underscores the persistent threat posed by deserialization vulnerabilities in widely used web applications. This incident highlights the importance of timely patching and vigilant monitoring to prevent unauthorized code execution and potential data breaches.
3 weeks ago
Carnival Corporation's 2026 Data Breach: A ShinyHunters Operation
In April 2026, Carnival Corporation, the world's largest cruise operator, experienced a significant data breach orchestrated by the cybercriminal group ShinyHunters. The attackers employed social engineering tactics to deceive an employee, gaining unauthorized access to the company's IT systems. This intrusion led to the exfiltration of personal data belonging to nearly 6 million individuals, including names, birthdates, genders, and loyalty program details. The breach was publicly disclosed on May 27, 2026, over a month after the initial compromise. ([prnewswire.com](https://www.prnewswire.com/news-releases/carnival-corporation-notice-of-data-breach-302783524.html?utm_source=openai)) This incident underscores the persistent threat posed by sophisticated cybercriminal groups like ShinyHunters, who have been linked to multiple high-profile data breaches in 2026. The delay in disclosure highlights the challenges organizations face in promptly notifying affected individuals, emphasizing the need for robust cybersecurity measures and transparent communication strategies.
3 weeks ago
Urgent Update: WP Maps Pro Vulnerability (CVE-2026-8732) Threatens WordPress Sites
In May 2026, a critical vulnerability (CVE-2026-8732) was discovered in the WP Maps Pro plugin for WordPress, affecting versions up to and including 6.1.0. This flaw allowed unauthenticated attackers to create administrator accounts by exploiting an insecure AJAX endpoint, leading to potential full site takeovers. The vulnerability stemmed from inadequate nonce protection, making it possible for attackers to bypass authentication mechanisms and gain elevated privileges. The exploitation of this vulnerability underscores the persistent risks associated with third-party plugins in content management systems. It highlights the necessity for website administrators to maintain rigorous update practices and implement robust security measures to mitigate such threats.
3 weeks ago