Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities…
Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat…
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy…
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is…
TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access.…
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group…
A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that…