Urgent: PolyShell Vulnerability Targets Magento Stores — BleepingComputer

The 'PolyShell' vulnerability is actively being exploited, affecting 56% of Magento Open Source and Adobe Commerce installations. Attackers leverage this flaw to execute malicious code on vulnerable systems, potentially compromising sensitive customer data. Security teams should prioritize patching to mitigate risks and monitor for unusual activity in affected environments.

Citrix Patches Critical NetScaler Vulnerabilities — BleepingComputer

Citrix has released patches for two critical vulnerabilities in NetScaler ADC and NetScaler Gateway, including a high-severity flaw similar to previous CVEs. These vulnerabilities could allow attackers to execute arbitrary code or bypass authentication. Admins should apply these patches immediately to secure their systems and prevent potential exploitation.

Device Code Phishing Targets Microsoft 365 via OAuth — The Hacker News

A new phishing campaign is exploiting device code authentication to target over 340 Microsoft 365 organizations across five countries. Attackers abuse OAuth to gain unauthorized access to sensitive information. Security teams must enhance monitoring of OAuth activities and educate users about phishing risks to defend against these sophisticated attacks.

• GitHub adds AI-powered bug detection to expand security coverage [BleepingComputer]
• GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data [The Hacker News]
• New Torg Grabber infostealer malware targets 728 crypto wallets [BleepingComputer]
• TP-Link warns users to patch critical router auth bypass flaw [BleepingComputer]
• アップル「iOS 18.7.7」配信開始 複数の脆弱性を修正 - ASCII.jp [Google News Security (JP)]