Sansec
Organisation · NL

Sansec is a Dutch e-commerce security research firm specialising in detecting Magento and Shopify supply-chain attacks and malicious extensions.

Last refreshed: 7 June 2026 · Appears in 1 active topic

Key Question

Which security firm first detected live attacks on Magento stores via the CVSS 9.8 Cache Warmer flaw?

Timeline for Sansec

#63 Jun

Logged active attacks against gaming and business sites in US, UK, France and Australia

Cybersecurity: Threats and Defences: Magento RCE forces 9-day patch race
Common Questions
What does Sansec do in cybersecurity?
Sansec is a Dutch e-commerce security firm that detects and investigates Magecart attacks — campaigns that plant malicious scripts on online store checkout pages to steal payment card data. It monitors thousands of Magento and Shopify stores globally, publishes vulnerability research, and coordinates disclosures with vendors and government agencies including CISA. Source: Sansec.io
How did Sansec detect the Magento Cache Warmer exploit?
Sansec's continuous threat telemetry across Magento storefronts flagged anomalous PHP execution patterns consistent with object-injection exploitation of the Mirasvit Cache Warmer extension. The firm confirmed active attacks against gaming and business sites in the US, UK, France and Australia before the CISA KEV listing on 3 June 2026. Source: The Hacker News / CISA
What is a Magecart attack and how does Sansec track them?
A Magecart attack plants a malicious JavaScript snippet on an e-commerce site's checkout page to capture card numbers in real time. Sansec tracks Magecart by monitoring HTML/JavaScript changes across a large set of Magento and other e-commerce storefronts, correlating injections to known attacker infrastructure. Source: Sansec research
Is Sansec a reliable source for e-commerce vulnerability disclosures?
Sansec has a track record of coordinated disclosure with Adobe, Magento, and CISA, and its threat telemetry has been cited as evidence in multiple CISA KEV listings. Its June 2026 confirmation of active CVE-2026-45247 exploitation contributed to the 6 June federal deadline for US agencies. Source: CISA KEV catalogue

Background

Sansec is a Dutch cybersecurity company focused exclusively on e-commerce security, best known for its research into Magecart attacks, the class of web-skimming campaigns that steal payment card data from online checkout pages. The firm maintains proprietary threat telemetry across global Magento and Shopify storefronts, and regularly publishes disclosure-grade vulnerability research coordinated with platform vendors and CISA.

In June 2026, Sansec was one of the two firms (alongside Imperva) that confirmed active exploitation of CVE-2026-45247 in the Mirasvit Cache Warmer extension for Magento 2 and Adobe Commerce, observing live attacks against gaming and business sites in the United States, the United Kingdom, France and Australia within the nine-day window between Adobe's 25 May patch and CISA's 3 June KEV listing. Sansec's telemetry formed part of the evidentiary basis for the federal mandate.

Sansec's significance in the broader cyber-threat landscape stems from the e-commerce sector's structural vulnerability: Magento's third-party extension ecosystem gives attackers a wide, poorly audited attack surface that sits outside the core platform's security review. Sansec's longitudinal monitoring of this surface, which includes thousands of storefronts globally, means it typically detects exploitation campaigns before mainstream vulnerability disclosure, giving it recurring influence on CISA KEV timelines and coordinated vendor patch cycles.

Source Material