The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk.

IBM QRadar SIEM: SSH sessions can be compromised

According to a warning notice, App Connect Enterprise is vulnerable through a total of three vulnerabilities. One of these vulnerabilities is considered “ critical ” (CVE-2026-25896). Attackers can ...

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.
Biometric Update

Aura breach and AI companion app flaws sharpen privacy fears

A new security report on AI companion apps is drawing attention because it arrives as an identity protection company is dealing with a data exposure incident.
Cybernews

Your AI girlfriend might be telling hackers everything about you

Millions are turning to AI for intimacy, but the same digital lovers may be quietly leaking their deepest secrets to hackers.

Next.js 16.2 brings updates for performance, AI agents, and Turbopack

The React framework has over 200 changes for the Turbopack bundler and aims to make the use of AI agents more efficient.