PortSwigger has updated the ActiveScan++ extension for Burp Suite, and it can now automatically detect two critical vulnerabilities found in React applications, known as React2Shell — CVE-2025-55182 and CVE-2025-66478. These vulnerabilities allow attackers to send unauthorized requests to the server…
A new and extremely dangerous vulnerability has been identified in the Apache Tika platform. Registered as CVE-2025-66516, this flaw has received the maximum CVSS score of 10.0. The vulnerability allows an attacker to infiltrate the system through a specially crafted…
Even the official Google Play Store can sometimes fall victim to cybercriminals’ tactics. Experts from Zscaler ThreatLabz recently discovered that an app called “Document Reader – File Manager”, which had been downloaded more than 50,000 times, was actually distributing the…
Millions of websites and web applications around the world rely on React and Next.js. Therefore, the discovery of a new vulnerability — CVE-2025-55182 — has caused serious concern among developers. The flaw enables remote code execution (RCE) on the server…
A new cyber threat that has drawn significant attention from the international cybersecurity community — a sophisticated malware known as BRICKSTORM — has been highlighted in a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the…
The WordPress ecosystem is facing another serious security threat. In recent days, cybercriminals have begun actively exploiting a critical Remote Code Execution (RCE) vulnerability in the Sneeit Framework plugin. The flaw, identified as CVE-2025-6389 with a CVSS score of 9.8,…
Cybersecurity experts have discovered a new vulnerability in K7 Computing’s K7 Ultimate Security product, leading to a major security issue. This flaw allows ordinary users with limited privileges to gain the highest level of operating system access — SYSTEM rights.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning about two serious actively exploited “0-day” vulnerabilities in the Android operating system. These vulnerabilities pose a direct threat to the security of millions of Android users worldwide.…
Today, the WordPress ecosystem serves as the backbone for millions of websites worldwide. Yet even a small flaw in a seemingly minor plugin can trigger serious consequences. Recently, such a situation unfolded when a critical vulnerability discovered in the popular…
Two serious security vulnerabilities have been discovered in Django, one of the most widely used web development frameworks. The Django team has released essential security updates to address these issues. One vulnerability is classified as high severity and the other…