Bleeping Computer

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source ...
Dark Reading

Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw

Attackers have been exploiting a critical flaw in the WordPress WooCommerce Payments plug-in in a spate of attacks over the last few days that peaked at 1.3 million attempts against 157,000 sites on ...

WooCommerce May Gain Sidekick-Type AI Through Extensions

Automattic's James LePage shares AI features coming soon to WooCommerce, including Sidekick-type functionality delivered via extensions.
Bleeping Computer

WooCommerce admins targeted by fake security patches that hijack sites

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. Recipients that take the ...