PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks Pierluigi Paganini March 21, 2026 Sansec found a Magento...
Security
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates to address a critical security flaw impacting Identity...
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security...
7,500+ Magento sites defaced in global hacking campaign
7,500+ Magento sites defaced in global hacking campaign Pierluigi Paganini March 20, 2026 Hackers defaced 7,500 Magento sites since Feb...
Your SIEM Isn’t Broken. Your Investigation Layer Is Missing.
73% of security leaders are evaluating SIEM alternatives. Here’s why they’re asking the wrong question. The cybersecurity industry has...
BSidesSLC 2025 – Security Con For Dummies – An Intro
Author, Creator & Presenter: Bryson Loughmiller – Principal Platform Security Architect At Entrata Our thanks to BSidesSLC for publishing...
Randall Munroe’s XKCD ‘Plums’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink *** This is a Security...
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a...
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed...
Apple Mail’s ‘Trusted Sender’ Label Misused in New Phishing Scheme
Image: Generated via Google’s Nano Banana A new phishing scam is raising concerns after reports showed that Apple Mail can...
6 Best Open Source Password Managers for Windows in 2026
This guide is for Windows users who prefer open-source solutions and want a clear, practical overview of the best open-source...
BSidesSLC 2025 – Getting Things Fixed – Keynote On Security Wins (And Fails)
Author, Creator & Presenter: Scott Piper – Principal Cloud Security Researcher at Wiz Our thanks to BSidesSLC for publishing...
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge Pierluigi Paganini March 20, 2026 Apple warns...
Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators
Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators Pierluigi Paganini March 20, 2026 DoJ disrupted IoT botnets’ C2...
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Ravie LakshmananMar 20, 2026Web Security / Vulnerability Sansec is warning of a critical security flaw in Magento's REST API that...
