The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 ...

Stryker attack raises concerns about role of device management tool

A suspected wiper attack against medtech giant Stryker has led much of the security community to examine the role of ...
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

Java 26 with JVM optimizations, HTTP/3, and finally no Applet API

The current OpenJDK 26 is strategically important and not only brings exciting innovations but also eliminates legacy issues like the outdated Applet API.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' browsers for several weeks. The group ...
InfoQ

DoorDash Builds DashCLIP to Align Images, Text, and Queries for Semantic Search Using 32M Labels

DoorDash has launched a multimodal machine learning system that aligns product images, text, and user queries in a shared ...