InfoSecBulletin Cybersecurity for mankind
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes.
Auto-Pause Intruder Attacks:
AWS SNS misused for Data Exfiltration and Phishing
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
A key feature of this release is the new Auto-Pause Attack in Burp Intruder. It enables users to automatically pause attacks when certain conditions in HTTP responses are met.
Users can set the tool to pause an attack when a certain expression is detected or absent in the response. This feature improves memory efficiency during large attacks and allows testers to concentrate on relevant results automatically.
Content-Length Mismatch Highlighting:
Burp Suite now automatically highlights differences in the Content-Length response header to improve vulnerability detection.
If the length stated in the header doesn’t match the actual response size, it will be flagged. This improvement helps detect problems such as HTTP request smuggling and other server response issues.
CSV Export for Collaborator Interactions:
Burp Collaborator now allows users to export interaction data as CSV files, simplifying the process for security professionals to include detailed logs in reports or presentations.
Users can now mark interactions as “read,” making it easier to distinguish between reviewed and new activities.
Bug Fixes:
Several bugs have been resolved in this release to improve stability and user experience:
Fixed an issue where the Home and End keys caused incorrect cursor positioning in the message editor.
Resolved a problem with Burp Logger’s view filter not reapplying correctly after reaching capture limits.
Addressed a bug that prevented newly saved configurations from appearing in the configuration library without restarting Burp.
Corrected payload encoding issues when creating new Intruder tabs with encoding disabled.
Fixed non-functional hotkeys for adding notes in Burp Organizer and Repeater.
Resolved copy-paste issues on Linux and Windows for BCheck preview screens.
Fixed problems with extension-provided tabs disappearing when loading multiple extensions, especially those with WebSocket message editor implementations.
Burp Suite’s integrated browser is now updated to Chromium version 132.0.6834.84 for Windows and macOS, and 132.0.6834.83 for Linux. This guarantees compatibility with modern web standards and improves performance in manual testing.
Burp Suite 2025.1 greatly improves usability, efficiency, and technical strength for penetration testers and cybersecurity experts.
The new auto-pause feature and improved response analysis will simplify workflows and enhance web application testing. Users should update to the latest version for improved security assessments.
