CVE-2025-55182 (React2Shell): New Detection Profiles for Burp Bounty Pro






🔴 CVSS 10.0 Critical
CVE-2025-55182 (React2Shell):New Detection Profiles for Burp Bounty Pro

📅 December 11…

Burp Suite DAST's winter update improves scanning at scale for enterprise AppSec teams.

October is Cybersecurity Awareness Month, a time when every organization is reminded that security is everyone’s responsibility. It's a time to reflect on how organizations approach security not as a campaign or compliance task, but as a mindset.

We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identities in the Rekor transparency log.

In 2025, we set out with a simple mission: take Burp Suite on the road and meet the global AppSec community where you are. Burp On Tour was born from our desire to learn from you; the brilliant people

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

In our recent webinar, “A qualitative analysis of six leading LLMs,” we went beyond functional performance benchmarks to analyze the quality, security, and maintainability of code produced by top models. Here’s what matters for both technology leaders and…

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

What’s Changed
🐞 Bug Fixes

fix(config): template exclusion logic for paths with reserved names by @dwisiswant0 in #6663
fix(http): lost request body on retries & redirects by @dwisiswant0 in #...

Explaining the React2Shell vulnerability top to bottom, with no AI slop and proper technical due diligence.

GWP-ASan is a sampling-based memory error detection tool that catches critical bugs like use-after-free and buffer overflows in production environments with near-zero performance overhead, unlike AddressSanitizer which is too resource-intensive for deployment.

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

Subscriber+ arbitrary file upload vulnerability found in the Motors WordPress theme 🚨 Affects versions ≤5.6.81. Update to 5.6.82 to prevent full site takeover. CVE-2025-64374 🔒

Hi hackers, Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring:  React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exp...

A Year of Real-World Exploitation

If you work in security, you probably remember React2Shell. Shortly after public disclosure, scanning activity increased, and exploitation attempts began to surface.

That sequence showed up repeatedly across several of…

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

LLMs fundamentally differ from compilers because they lack determinism and semantic guarantees, making them useful coding assistants but unreliable for autonomous code generation without human review and formal verification.

Hi I am Sairaj Dattu Thorat and I’m in 11th grade right now.. and few months ago I started my bug bounty journey and I wanted to make…

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

The adoption of Large Language Models (LLMs) and AI coding assistants has radically accelerated the development lifecycle, offering the potential for developers to achieve up to a 55% increase in productivity and complete tasks twice as fast.

elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.