Huge numbers of web stores are facing attack from this dangerous new malware

PolyShell vulnerability in Magento/Adobe Commerce mass exploited, hitting over half of vulnerable stores Attackers deploy ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.
Network World

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service

Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.