The 'PolyShell' vulnerability is actively being exploited, affecting 56% of Magento Open Source and Adobe Commerce installations. Attackers leverage this flaw to execute malicious code on vulnerable systems, potentially compromising sensitive customer data. Security teams should prioritize patching to mitigate risks and monitor for unusual activity in affected environments.
Citrix has released patches for two critical vulnerabilities in NetScaler ADC and NetScaler Gateway, including a high-severity flaw similar to previous CVEs. These vulnerabilities could allow attackers to execute arbitrary code or bypass authentication. Admins should apply these patches immediately to secure their systems and prevent potential exploitation.
A new phishing campaign is exploiting device code authentication to target over 340 Microsoft 365 organizations across five countries. Attackers abuse OAuth to gain unauthorized access to sensitive information. Security teams must enhance monitoring of OAuth activities and educate users about phishing risks to defend against these sophisticated attacks.
STAY UPDATED
Daily security digest, straight to your inbox.