Tuesday, December 30, 2025

Cybersecurity News

Burp Suite Supercharges Its Scanning Capabilities With React2Shell Vulnerability Detection

PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16, 2025. This free BApp, authored by Director of Research James Kettle, now detects React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478), alongside a suite of other high-impact...

Malicious MCP Servers Enable New Prompt Injection Attack To Drain Resources

Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol (MCP) sampling feature used in AI coding copilots. Malicious MCP servers can inject prompts to steal compute resources, hijack chats, and run hidden tools without user knowledge. MCP Basics and...

Law Enforcement Detains Hackers Equipped With Specialized Flipper Hacking Tools

Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of advanced hacking equipment that could target critical IT systems. The incident unfolded on December 8, 2025, when officers from Warsaw's Śródmieście district stopped a Toyota on Senatorska Street for...

Hackers Abuse AWS IAM Eventual Consistency To Maintain Persistent Access

Attackers can keep access to AWS accounts even after admins delete compromised keys. New research from OffensAI shows how AWS Identity and Access Management (IAM) eventual consistency creates a 4-second window for persistence. During this gap, deleted access keys still work, letting hackers create...

Hundreds Of Porsche Cars Rendered Inoperable After Satellite Security System Failure

Owners of hundreds of Porsche cars in Russia cannot drive their vehicles after a significant failure in the factory-installed satellite security system. This issue began on November 28, 2025. It affected all internal combustion engine (ICE) models in the Rolf dealership network, Russia's biggest...

Next.js Unveils Scanner To Detect and Patch Apps Vulnerable To react2shell

Vercel has released a new command-line tool, fix-react2shell-next, to help developers quickly detect and patch CVE-2025-66478, a critical remote code execution (RCE) vulnerability dubbed "React 2 Shell" that affects Next.js and React Server Components (RSC) apps. Available via npx fix-react2shell-next, the tool recursively scans...