Posts

The Hacker News - Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in

from The Hacker News https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html

KnowBe4 - Digital Cleanup: It’s Not Just Your Files, It’s Your Brain

Digital Cleanup Day might be seen as a digital chore: delete old files, clear the inbox, reduce your carbon footprint. It’s framed as a technical exercise. But digital cleanup isn't only about your hard drive; it’s also about your mind.

from Human Risk Management Blog https://blog.knowbe4.com/digital-cleanup-its-not-just-your-files-its-your-brain

The Hacker News - Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to

from The Hacker News https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html

Schneier - Proton Mail Shared User Information with the Police

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.

from Schneier on Security https://www.schneier.com/blog/archives/2026/03/proton-mail-shared-user-information-with-the-police.html

The Hacker News - The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,

from The Hacker News https://thehackernews.com/2026/03/the-importance-of-behavioral-analytics.html

KnowBe4 - Our KnowBe4 Community Is One of Our Greatest Strengths

I am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers.

from Human Risk Management Blog https://blog.knowbe4.com/our-knowbe4-community-is-one-of-our-greatest-strengths