Blog - Experience Digest

Attack Analysis

The Perforce Driver You Never Knew You Had: Composer CVE-2026-40261 and CVE-2026-40176

Two command injection vulnerabilities in Composer’s Perforce driver are exploitable even if you’ve never touched Perforce. For Magento shops running dev dependencies from source, CVE-2026-40261 is a supply-chain exposure hiding …

📅 May 23, 2026

⏱ 5 min read

Read →

Attack Analysis

Three Signals from November: What the Bulletins Don't Say

The November 2025 bulletin wave included a CVSS 9.1 session takeover, a stored XSS in Magento-lts, and an active Xurum webshell campaign. Read together, they describe something the individual advisories don’t.

📅 November 26, 2025

⏱ 3 min read

Read →

Follow via RSS or on Micro.blog.