On May 31st, the Magento team released its latest security patch and an upgrade for both the Enterprise and Community versions of Magento 1 and 2. The SUPEE-9767 patch and the upgrade fix 16 security issues, 7 of which are flagged as High Severity. Read more on Magento Patches.
The majority of these issues require admin access. However, we have seen multiple attacks in which hackers try to gain access to admin accounts (brute force attacks, vulnerable extensions and modules, phishing, etc.).
We strongly encourage you to upgrade your Magento 1 sites to 220.127.116.11 ASAP. We prefer upgrading Magento over patching, even if the process takes more time.
As always, we advise you to change the URL of the admin dashboard (do not use the default address /admin/), change the admin user login, and use a strong password.
These security issues also affect Magento 2, so we encourage you to upgrade to 2.1.7+ ASAP as well.
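To check the admin URL advice above on a Magento 1 site, the following added example (not code from Magento or from this post) reads the admin route from `app/etc/local.xml` and reports whether the dashboard is still on the default or an easily guessed path. The list of guessable names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed list of easily guessed admin paths (an assumption; extend as needed).
GUESSABLE = {"admin", "administrator", "backend", "manage", "adminpanel"}

# Magento 1 stores the admin route under this element path in app/etc/local.xml.
FRONTNAME_PATH = "admin/routers/adminhtml/args/frontName"

# Constructed sample inputs, not taken from a real site.
SAMPLE_DEFAULT = """<config><admin><routers><adminhtml><args>
<frontName><![CDATA[admin]]></frontName>
</args></adminhtml></routers></admin></config>"""
SAMPLE_CUSTOM = SAMPLE_DEFAULT.replace("[admin]", "[shop_console_7f3k]")
SAMPLE_MISSING = "<config><global/></config>"


def audit_admin_frontname(local_xml_text):
    """Return (frontName, findings) for the contents of a Magento 1 local.xml."""
    root = ET.fromstring(local_xml_text)
    node = root.find(FRONTNAME_PATH)
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        # Nothing overrides the route, so this check treats it as the default.
        return "admin", ["frontName not set: dashboard is served at default /admin/"]
    findings = []
    if value.lower() in GUESSABLE:
        findings.append(f"frontName '{value}' is a default or commonly guessed path")
    return value, findings


if __name__ == "__main__":
    # Usage: python audit_frontname.py /path/to/app/etc/local.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            inputs = {sys.argv[1]: fh.read()}
    else:
        inputs = {"sample-default": SAMPLE_DEFAULT, "sample-custom": SAMPLE_CUSTOM}
    for label, text in inputs.items():
        name, findings = audit_admin_frontname(text)
        print(f"{label}: frontName={name}")
        for finding in findings or ["no findings"]:
            print(f"  - {finding}")
```

A clean result only means the path is not on the guessable list; the admin login and password advice still applies.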