MUST READ

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

 | 

7,500+ Magento sites defaced in global hacking campaign

 | 

Navia data breach impacts nearly 2.7 Million people

 | 

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

 | 

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

 | 

French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

 | 

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

 | 

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

 | 

DarkSword emerges as powerful iOS exploit tool in global attacks

 | 

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

 | 

Russia establishes Vienna as key western spy hub targeting NATO

 | 

U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

 | 

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

 | 

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

 | 

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

 | 

Tracking the Iran War: A Month of Escalation and Regional Impact

 | 

EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

 | 

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

 | 

CL-STA-1087 targets military capabilities since 2020

 | 

PolyShell

Pierluigi Paganini March 21, 2026
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Security / March 21, 2026

7,500+ Magento sites defaced in global hacking campaign

Hacking / March 20, 2026

Navia data breach impacts nearly 2.7 Million people

Data Breach / March 20, 2026

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Security / March 20, 2026

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

Cyber Crime / March 20, 2026