Expand intel coverage and refresh monitoring

07-framework-security/ecommerce/magento-open-source/INDEX.md

@@ -5,14 +5,14 @@
 - 系统 ID: `magento-open-source`
 - 分类: `ecommerce`
 - 覆盖策略: `history-full`
-- 总案例数: `101`
+- 总案例数: `89`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `101`
-- 最近渲染时间: `2026-03-18T18:33:45+00:00`
+- 待人工/缺浏览器证据: `89`
+- 最近渲染时间: `2026-03-18T21:16:45+00:00`
 
 ## 目标约束
 
@@ -124,15 +124,3 @@
 | Issues 
            1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
 | Adobe Commerce merchants to be hit with TrojanOrders this season   2022-11-15  At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November.   skimming   trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
-| Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087)   2022-02-14  Adobe has released two emergency patches for a critical vulnerability in Magento 2. You need to apply both patches, in order. The vulnerability allows unauthenticated remote code execution (RCE), which is the worst possible type. Actual abuse has already been reported. To illustrate the severity,...   skimming   trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| ConnectPOS leaked Github secrets for years   2026-01-12  Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code.   skimming   supply-chain   magento   connectpos   +2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Visbot malware found on 6691 stores [analysis]   2016-12-01  Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it from spreading. We conducted a global research into 300.000 Magento stores and found active Visbot i...   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Magento vendor Fishpig hacked, backdoors added   2022-09-13  Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Sansec found that attackers have injected malware in Fishpig software and taken control of Fishpig servers. Online stores running Fishpig software may now have the "Rekoobe" malware installed on their servers,...   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| PHP tool 'Adminer' leaks passwords   2019-01-17  Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Attackers can abuse that to fetch passwords for popular apps such as Magento and Wordpress, and gain con...   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| NaturalFreshMall: a Magento Mass Hack   2022-02-08  An investigative report by Sansec researchers on how one vulnerable Magento extension leads to a mass web store attack, with Magecart attackers using naturalfreshmall.com to hide and serve malware to 500+ ecommerce websites.   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
-| Hackers breached Magento through helpdesk   2017-12-28  Magento merchants have recently received messages like this: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- knockers@yahoo.com Upon closer examination, the message contains a specially crafted sender that contains an XSS attack: an attempt to...   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
-| Is your store’s newsletter being used for phishing?   2023-11-10  Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento admin account was exploited to launch a phishing campaign through the platform's newsletter system, re...   skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
-| Will Magento 1 stay PCI compliant?   2020-05-08  Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadline is not feasible. Merchants want to know: Will my Magento 1 store still be secure after July 1st...   skimming   magento 1   pci | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |