Updated and latest information regarding the critical React RCE vulnerability (React2Shell CVE-2025-55182) . Learn how to detect and protect with JFrog.

We're excited to announce Tracebit Community Edition, a completely free-forever platform to deploy security canaries.

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.

Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to...

Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the...

A privilege escalation flaw in the Soledad theme allowed Subscribers to change site settings and gain admin access. Learn how it works and why updating to 8.6.9.1 is essential.

Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025).

Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.…

Our new tool mrva is a terminal-first tool for running CodeQL multi-repository variant analysis locally,allowing users to download pre-built databases, analyze them with custom queries, and view results directly in the terminal.

CVE-2025-55182 (React2Shell): New Detection Profiles for Burp Bounty Pro






🔴 CVSS 10.0 Critical
CVE-2025-55182 (React2Shell):New Detection Profiles for Burp Bounty Pro

📅 December 11…

Burp Suite DAST's winter update improves scanning at scale for enterprise AppSec teams.

October is Cybersecurity Awareness Month, a time when every organization is reminded that security is everyone’s responsibility. It's a time to reflect on how organizations approach security not as a campaign or compliance task, but as a mindset.

We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identities in the Rekor transparency log.

In 2025, we set out with a simple mission: take Burp Suite on the road and meet the global AppSec community where you are. Burp On Tour was born from our desire to learn from you; the brilliant people

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

In our recent webinar, “A qualitative analysis of six leading LLMs,” we went beyond functional performance benchmarks to analyze the quality, security, and maintainability of code produced by top models. Here’s what matters for both technology leaders and…

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

What’s Changed
🐞 Bug Fixes

fix(config): template exclusion logic for paths with reserved names by @dwisiswant0 in #6663
fix(http): lost request body on retries & redirects by @dwisiswant0 in #...

Explaining the React2Shell vulnerability top to bottom, with no AI slop and proper technical due diligence.

GWP-ASan is a sampling-based memory error detection tool that catches critical bugs like use-after-free and buffer overflows in production environments with near-zero performance overhead, unlike AddressSanitizer which is too resource-intensive for deployment.

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.