164/69 Monday, March 23, 2026 Cybersecurity firm Sansec has disclosed a vulnerability in the REST API of Magento and Adobe Commerce that allows attackers to upload malicious files to affected systems without authentication. The flaw, dubbed PolyShell, impacts versions from the earliest releases up to 2.4.9-alpha2. In older versions (below 2.3.5), the issue may also […]
163/69 Monday, March 23, 2026 Google has announced a new security feature called Advanced Flow for Android users who install applications from external sources (APK sideloading) or from unverified developers. This measure is designed to address the growing threat of cyber scams and malware. According to the Global Anti-Scam Alliance (GASA), global losses from scams […]
162/69 Friday, March 20, 2026 Security researchers have identified a new iOS exploit kit named DarkSword, which leverages six vulnerabilities-CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520-to bypass sandbox restrictions, escalate privileges, and execute remote code on iPhones. The attack chain begins through the Safari browser, combining multiple exploits to gain kernel read/write access before deploying […]
161/69 Friday, March 20, 2026 Intuitive has disclosed a data breach caused by a targeted phishing attack, in which threat actors successfully compromised an employee account and used it to gain access to internal systems. As a result, certain data was accessed without authorization, including customer contact information, employee data, and corporate business information. The […]
160/69 Friday, March 20, 2026 Aura, a provider of digital security and identity protection services, has confirmed a major data breach after the cybercrime group ShinyHunters publicly released approximately 12GB of data following failed negotiations. The leaked dataset contains more than 900,000 records, which Aura stated are primarily marketing-related data inherited from a company it […]
159/69 Thursday, March 19, 2026 Companies House has confirmed a critical security vulnerability in its WebFiling service, potentially putting data from more than 5 million registered companies at risk. The flaw was discovered by researchers from Ghost Mail on March 12, 2026, but investigations revealed that the issue had been present in the system since […]
158/69 Thursday, March 19, 2026 U.S.-based medical technology company Stryker Corporation has disclosed a cyberattack targeting its internal Microsoft-based systems, resulting in remote data wiping across numerous employee devices without evidence of malware deployment. The company stated that its medical devices and customer-facing products remain unaffected, although its electronic ordering systems are currently unavailable, requiring […]
157/69 Thursday, March 19, 2026 Apple has introduced a new security mechanism called “Background Security Improvements” to address a critical vulnerability in WebKit (tracked as CVE-2026-20643), discovered by researcher Thomas Espach. The flaw affects users of iPhone, iPad, and Mac, and stems from an issue in the Navigation API, which could allow malicious websites to […]
156/69 Wednesday, March 18, 2026 Microsoft has temporarily removed the Samsung Galaxy Connect application from the Microsoft Store after reports of a critical issue affecting users of Samsung Galaxy Book 4 devices and certain desktop computers running Windows 11. Affected users encounter the error message “C:\ is not accessible – Access denied,” which prevents access […]
155/69 Wednesday, March 18, 2026 Researchers from the Cofense Phishing Defense Center have uncovered a new phishing technique in which attackers leverage LiveChat, a SaaS-based communication tool, to impersonate well-known brands such as Amazon and PayPal and interact with victims in real time. This approach significantly increases the credibility of the scam and helps bypass […]
