Adobe Commerce
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. There are no signs of the issue being actively exploited in the wild, but eCommerce security company Sansec warns that “the exploit method is circulating already” and expects automated attacks […]
Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted by e-commerce security firm Sansec, whose researchers previously described SessionReaper as one of the most severe security bugs in the history of the product. Adobe warned about CVE-2025-54236 on September 8, saying that it is […]