PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16, 2025.
This free BApp, authored by Director of Research James Kettle, now detects React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478), alongside a suite of other high-impact...
The Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025, highlighting active exploitation of critical vulnerabilities affecting Citrix Session Recording and Git systems.
The additions include CVE-2024-8069 and CVE-2024-8068 in Citrix...
Mozilla released Firefox 142 on August 19, 2025, addressing multiple critical security vulnerabilities that could enable remote code execution and sandbox escape attacks.
The security update patches nine CVEs, with three classified as high-severity vulnerabilities that could allow attackers to execute arbitrary code on...
Cybersecurity researchers and organizations worldwide were alerted to the public release of a weaponized exploit targeting critical SAP vulnerabilities, marking a significant escalation in threats against enterprise SAP environments.
The exploit, which combines two previously zero-day vulnerabilities in SAP NetWeaver Visual Composer, represents a...
The PostgreSQL Global Development Group released urgent security updates on August 14, 2025, addressing three critical vulnerabilities that affect all supported versions of the world's most advanced open-source relational database.
The update covers PostgreSQL versions 17.6, 16.10, 15.14, 14.19, and 13.22, along with...
Critical vulnerabilities in Xerox FreeFlow Core enable unauthenticated remote attackers to achieve remote code execution on vulnerable systems.
The vulnerabilities, discovered during investigation of an apparent false positive detection, affect the widely deployed print orchestration platform used by commercial print shops, universities, and...