PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16,…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol (MCP) sampling feature used in…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting input that exceeds allocated…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for content analysis and extraction. CVE-2025-66516…
Attackers can keep access to AWS accounts even after admins delete compromised keys. New research from OffensAI shows how AWS…
CISA has added CVE-2025-55182, dubbed React2Shell, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation. This critical…
Vercel has released a new command-line tool, fix-react2shell-next, to help developers quickly detect and patch CVE-2025-66478, a critical remote code…
Cal.com, a popular open-source scheduling platform, faces a critical authentication flaw that allows attackers to bypass password checks by using…
React Server Components (RSC) in React 19.x suffer from insecure deserialization in the "Flight" protocol, allowing attackers to send crafted…
AWS SageMaker provides managed Jupyter notebook instances for data science tasks. These instances link to IAM execution roles with broad…