
Magento Third-Party Breach (September 2022)

📅 2022-09-01 🏢 FishPig

Incident Details

Hackers breach software vendor for Magento supply-chain attacks.

Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. Magento is a popular open-source eCommerce platform used for building electronic shops, supporting the sale of tens of billions of USD worth of goods annually. The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.

Third-party company: FishPig.

Technical Details

Initial Attack Vector: Compromise of third-party service provider / vendor relationship
Vendor / Product: FishPig
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2022-09-01 Breach occurred
  2. 2022-09-13 Publicly disclosed