Hackers are actively exploiting a critical Magento and Adobe Commerce vulnerability, dubbed “PolyShell,” to achieve remote code execution (RCE) and full account compromise across thousands of online stores. The flaw, discovered by the Sansec Forensics Team and disclosed on March 17, 2026, affects Magento’s REST API. It allows unauthenticated attackers to upload malicious files directly […] The post Hackers Exploit Magento Flaw for Remote Code Execution and Account Takeover appeared first on Cyber Security News.