voydstack (@voydstack) 's Twitter Profile
voydstack

@voydstack

🥷 @Synacktiv | CTF with @RMUBYGG, @Hexagonctf, @ECSC_TeamFrance 20/21/22/23/24

ID: 1029874665949417473

Link: https://voydstack.re · Date: 15-08-2018 23:37:09

593 Tweet

1,1K Followers

886 Following

Synacktiv (@synacktiv) 's Twitter Profile Photo

While performing penetration tests on SAP Financial Consolidation, our ninjas laxa and Alexis Danizan discovered an authentication bypass for local accounts including the built-in ADMIN account, leading to the underlying system compromise: synacktiv.com/en/advisories/…

Synacktiv (@synacktiv) 's Twitter Profile Photo

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up. synacktiv.com/en/publication…

Maher Azzouzi (@maherazz2) 's Twitter Profile Photo

ZDI-CAN-27262 is a Linux kernel 0-day I reported recently that allows unprivileged users to escalate privileges to root. The vulnerability is a race condition leading to a UAF in the kmalloc-196 cache. It was introduced in v4.2-rc1 and has been present in the kernel for 10 years.

exploits.club (@exploitsclub) 's Twitter Profile Photo

Another Week, Another EXPLOITS CLUB 📰 --- 🎉 Binja giveaway: sign up to support the newsletter 🎉 --- Tesla wall charger falls to Synacktiv Bugscale pops a Chrome bug BINARLY🔬 Secure Boot bypass RCE from watchTowr + Jobs & MORE 👇 blog.exploits.club/exploits-club-…

ANSSI (@anssi_fr) 's Twitter Profile Photo

#ECSC2025 | 🐓 Meet the 2025 #TeamFrance! 🇫🇷 Selected following the FCSC, the players of the ECSC Team France will represent the French tricolour flag in Warsaw, Poland, at the European Cybersecurity Challenge. 🔔 See you in October! PS: #YouAreAllWinners

Charles Fol (@cfreal_) 's Twitter Profile Photo

lightyear just got 6 times faster! Although I now work at Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. github.com/ambionics/ligh…

Hexacon (@hexacon_fr) 's Twitter Profile Photo

We've already received many high-quality submissions to our CFP, thank you! 🚀 Don't miss your chance to submit before July 14! 📅 hexacon.fr/conference/cal…

Synacktiv (@synacktiv) 's Twitter Profile Photo

There are still seats available for our "iOS for Security Engineers" training at #HEXACON2025! Book it while it's hot 😉 Conference tickets are also still available if you register for a training.

Quentin M (@0xdagger) 's Twitter Profile Photo

It's never too late to start vulnerability research on iOS! Our training has been made by experienced iOS security researchers for newcomers in the iOS area who want to start developing "extremely sophisticated attacks"! :-) hexacon.fr/trainer/meffre…

Eloi Benoist-Vanderbeken (@elvanderb) 's Twitter Profile Photo

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇

Axel Souchet (@0vercl0k) 's Twitter Profile Photo

📢The end of Hexacon's CFP is approaching (July 14th)! If you have technical content you would like to present in Paris, you have another ~11 days to send it in ✍️ Topics of interest are vr / xdev / hardware hax, appsec & offensive security in general 🐛🐜🪲 See you there!👋

Synacktiv (@synacktiv) 's Twitter Profile Photo

While performing security research on IoT control applications, Areizen and Cyp discovered critical vulnerabilities in the mobile app for the Eachine E58 drone. These flaws could potentially lead to remote code execution on the user's smartphone. synacktiv.com/en/publication…

Synacktiv (@synacktiv) 's Twitter Profile Photo

🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja Remsio studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…

Synacktiv (@synacktiv) 's Twitter Profile Photo

Ever thought your kitchen appliance could harbor a persistent threat? We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass. Discover our step-by-step breakdown! synacktiv.com/en/publication…

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

Synacktiv (@synacktiv) 's Twitter Profile Photo

The latest Synacktiv Summer Challenge was in 2019, and after 6 years, it's back! Send us your solution before the end of August, there are skills to learn and prizes to win 🎁 synacktiv.com/en/publication…

Mari0n (@pinkflawd) 's Twitter Profile Photo

Blackhoodie will be back at Hexacon this year, and we're currently looking for former BlackHoodies who would be willing to give a training, between Oct 6 and 9! blackhoodie.re/Hexacon2025/

Synacktiv (@synacktiv) 's Twitter Profile Photo

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc kalimero Quentin Roland Wil

Synacktiv (@synacktiv) 's Twitter Profile Photo

We've just released a tool to decrypt all Synology encrypted archives! We used it to compare SynologyPhotos versions and highlight our #Pwn2Own Ireland 2024 vulnerability on the BeeStation BST150-4T. Check out Tek_'s blog post for more details. synacktiv.com/en/publication…