A massive supply chain attack has compromised multiple e-commerce platforms, allowing attackers to execute arbitrary PHP code on Magento-based online stores. Sansec identified 21 infected extensions from three software suppliers: Tigren, Magesolution, and Meetanshi. The backdoor enables remote code execution, potentially injecting malicious scripts that steal payment information from unsuspecting website visitors.