# OSINT Post — @thehackernews msg 8640

*Friday, March 20, 2026 at 11:27 AM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-03-20T11:27:24.000Z (2mo ago)
**Fetched**: 2026-03-21T21:32:24.249Z (2mo ago)
**Views**: 5
**Media**: photo
**Link**: https://t.me/thehackernews/8640
**Permalink**: https://hamerintel.com/data/posts/2477.md
**Source**: https://hamerintel.com/sources

---

⚠️ A critical Magento flaw lets attackers upload files without login and take over stores.The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS.No fix for current versions yet.🔗 Read → https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html