Vietnam.vn - Vietnam promotion platform

Top Cybersecurity Threats for the Holiday Season 2025

DNVN - The sharp increase in the number of phishing domains, stolen accounts and exploited e-commerce platforms is creating one of the most worrying cybersecurity environments.

Tạp chí Doanh Nghiệp, 04/12/2025

Many serious vulnerabilities

The holiday season typically sees a predictable spike in online attack activity, but in 2025 the volume of newly created malicious infrastructure, account compromises, and targeted exploitation of e-commerce systems is significantly higher, according to Fortinet cybersecurity experts Bhumit Mali and Aamir Lakhani.

Attackers began preparing months ago, leveraging industrialized tools and services that allowed them to scale their attacks across multiple platforms, geographies, and vendor portfolios.

FortiGuard Threat Research analyzed data from the past three months to identify the most significant patterns shaping the attack surface during the 2025 holiday season. FortiGuard’s findings reveal a clear trend: Attackers are moving faster, automating more, and taking full advantage of the increase in seasonal activity.

The sharp rise in year-end shopping demand is also when cybercriminals attack at scale.

One of the clearest signs of attacker activity is new domain registrations. FortiGuard has identified more than 18,000 holiday-themed domains registered in the past three months that reference terms like “Christmas,” “Black Friday,” and “Flash Sale.” At least 750 of these have been confirmed to be malicious. This suggests that many of these domains are still considered benign, which is a potential risk in itself.

At the same time, FortiGuard also noted an increase in domains imitating major retail brands. Attackers registered more than 19,000 e-commerce-themed domains, of which 2,900 were malicious. Many of the new domains mimic familiar domain names, often with only minor changes that are easily overlooked by shoppers who are browsing quickly.

The report also shows a significant increase in the availability and use of stealer logs. Over the past three months, more than 1.57 million login accounts linked to major e-commerce sites were made available through stealer logs collected on underground markets.

Stolen account information contains passwords, cookies, session tokens, autofill data, and system fingerprints stored in browsers. During the holiday season, users log into multiple accounts on multiple devices, making this information especially valuable.

The report also notes ongoing “holiday sales” on card and CVV data sets. Threat actors are using “Black Friday”-style promotions to push stolen financial data at discounted prices, fueling the increase in fraud.

Attackers are actively exploiting vulnerabilities in Adobe/Magento, Oracle E-Business Suite, WooCommerce, Bagisto, and other popular e-commerce platforms. Three prominent vulnerabilities are:

CVE-2025-54236 (Adobe/Magento); CVE-2025-61882 (Oracle EBS); CVE-2025-47569 (WordPress WooCommerce Gift Card Plugin).

Across multiple platforms, vulnerabilities in plugins, templates, and API validation are allowing hackers to steal payment information, exploit XSS, escalate privileges, and upload unauthorized files.

Magecart-style JavaScript injection attacks remain one of the most persistent and damaging threats, allowing attackers to steal payment information directly from checkout pages.

What actions should businesses and users take?

The findings reveal a clear pattern: Attackers are operating with greater speed, automation, and commercial organization. The surge in cyber activity typically seen during the holiday season is now combined with large data breach ecosystems, widely available AI tools, and widespread vulnerabilities in e-commerce infrastructure.

For CISOs, anti-fraud teams, and e-commerce leaders, this is not a temporary challenge limited to the holiday season. It reflects broader trends in attack tools and monetization that will continue into 2026.

Given this reality, organizations need to keep all e-commerce platforms, plugins, themes, and third-party integrations fully updated, and remove anything that is no longer in use.

Enforce HTTPS encryption everywhere and secure session cookies, admin pages, and payment flows. Require Multi-Factor Authentication (MFA) on admin and high-risk accounts, and enforce a strong password policy.

Use bot management, rate limiting, and anomaly detection tools to minimize login abuse.

Monitor for fraudulent or similar domains impersonating your brand and promptly handle takedowns.
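One way to triage a new-registration feed for domains imitating a brand, as an added example that is not from the article or from Fortinet. The brand name, owned-domain list and sample feed are constructed placeholders; the holiday terms are the ones quoted above.

```python
import re

# Constructed placeholders: brand, owned domains and the sample feed. The
# holiday terms are the ones the article quotes.
BRAND = "examplestore"
OWNED = {"examplestore.com"}
HOLIDAY_TERMS = ("christmas", "blackfriday", "flashsale")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})
SAMPLE_FEED = ["examplestore.com", "examp1estore.com", "christmas-recipes.org",
               "exarnplestore-flashsale.shop", "examplestore-blackfriday.net"]


def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND):
    """Return the reasons a newly registered domain needs brand review."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED:
        return []
    # First label only: the feed is assumed to list registrable domains.
    folded = re.sub(r"[^a-z0-9]", "", domain.split(".")[0]).translate(HOMOGLYPHS)
    themed = [t for t in HOLIDAY_TERMS if t in folded]
    core = folded
    for term in themed:  # strip the seasonal bait so it does not mask a typo
        core = core.replace(term, "")
    reasons = []
    if brand in core:
        reasons.append("contains-brand")
    elif edit_distance(core, brand) <= 2:
        reasons.append("near-brand")
    if reasons and themed:
        reasons.append("holiday-term")
    return reasons


def review_queue(feed=SAMPLE_FEED):
    """Map each flagged domain to its reasons; clean domains are omitted."""
    return {d: r for d in feed if (r := classify(d))}
```

Calling `review_queue()` returns only the domains that need a human look, which keeps the takedown queue short when the feed contains thousands of seasonal registrations.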

Scan for unauthorized script changes and implement controls to detect fraud or skimmers on checkout pages.
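A minimal form of the script-change scan described above, as an added example that is not from the article or from Fortinet: it compares the scripts on the current checkout page against a known-good baseline and reports anything new. The sample pages, host names and approved-host list are constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages and host names, for illustration only.
BASELINE = ('<script src="/static/checkout.js"></script>'
            '<script src="https://js.psp.example/sdk.js"></script>'
            '<script>window.cart = {currency: "USD"};</script>')
CURRENT = BASELINE + ('<script src="https://cdn.stats.example/t.js"></script>'
                      '<script>window.promoBanner = 1;</script>')
APPROVED_HOSTS = {"js.psp.example"}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and SHA-256 digests of inline script bodies."""
    def __init__(self, html):
        super().__init__()
        self.external, self.inline, self._buf = set(), set(), None
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.add(src)
            else:
                self._buf = []  # inline script: buffer its body until </script>

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.inline.add(hashlib.sha256(body).hexdigest())
            self._buf = None


def script_drift(baseline, current, approved=APPROVED_HOSTS):
    """Return scripts present now but absent from the baseline, labelled by kind."""
    base, cur = ScriptCollector(baseline), ScriptCollector(current)
    findings = []
    for src in sorted(cur.external - base.external):
        host = urlparse(src).hostname  # None means a same-origin path
        trusted = host is None or host in approved
        findings.append(("new-external" if trusted else "new-external-unapproved", src))
    return findings + [("new-inline", h) for h in sorted(cur.inline - base.inline)]
```

Inline scripts that legitimately change on every load (per-request nonces or tokens) will show up as new digests, so those need to be normalized or excluded before hashing.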

Centralize log audits to monitor for suspicious administrative actions, session hijacking, or unusual database access. Ensure your fraud, security, and customer support teams follow a common cybersecurity incident escalation roadmap throughout the holiday season.

Users should double-check website addresses before entering login or payment information. Use a trusted credit card or payment processor that offers fraud protection. Enable Multi-Factor Authentication (MFA) on shopping, email, and banking accounts. Avoid using public Wi-Fi or use a VPN when making purchases or managing financial accounts.

Be wary of unsolicited messages and unrealistic promotions, especially those related to delivery or discounts.

Fortinet security solutions now provide multiple layers of protection against the malware techniques, infrastructure, and activities outlined in this report. FortiGate, FortiMail, FortiClient, and FortiEDR all support the FortiGuard Antivirus Service, which detects and blocks malicious files, payloads, and log-stealing malware families used in multiple campaigns this holiday season. Customers running updated versions of FortiGuard protection will be protected across their entire network, endpoints, and email.

FortiMail plays a central role in stopping phishing attempts involving fake promotions, fraudulent stores, and delivery scams. FortiMail identifies and quarantines malicious URLs, spoofed sender domains, and credential-collection forms commonly used to target holiday shoppers and retail employees.

In addition, Fortinet's Security Awareness and Training Services, along with the FortiPhish phishing simulation platform, help organizations strengthen their human defenses...

Yellow River

Source: https://doanhnghiepvn.vn/kinh-te/tieu-dung/cac-moi-de-doa-an-ninh-mang-hang-dau-mua-le-hoi-2025/20251205052612895

