PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16, 2025. This free BApp, authored by Director of Research James Kettle, now detects React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478), alongside...

Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol (MCP) sampling feature used in AI coding copilots. Malicious MCP servers can inject prompts to steal compute resources, hijack chats, and run hidden tools...

Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of advanced hacking equipment that could target critical IT systems. The incident unfolded on December 8, 2025, when officers from Warsaw's Śródmieście district stopped a...

Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser to boost productivity, simplify browsing, and strengthen security. Announced by Chrome VP Mike Torres, these features roll out starting today for U.S. Mac and...

Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting input that exceeds allocated buffer sizes, leading to memory corruption. This classic CWE-120 buffer overflow enables remote unauthenticated code execution with high impact...

Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for content analysis and extraction. CVE-2025-66516 has a perfect CVSS score of 10.0, indicating it is critical. Disclosed on December 4, 2025, by the Apache...