Magecart zero day attacks
Recently it was brought to light by security researcher Willem de Groot that attackers are making use of unpublished security flaws in about two dozen Magento extensions. The vulnerabilities in these extensions allow the attackers to gain full control over the targeted websites via Remote Code Execution (RCE).
Added checks
The Magereport team has released a check for six of these modules so far. These modules are MadeCache, AjaxProducts, AdvancedReports, Campaigner and Ves_VendorsCredit. If you use any of these modules head over to Magereport and scan your webshop to see if you’re vulnerable to these RCE attacks or not.
Upcoming
Expect more checks for the rest of the modules the coming week.