Adobe Releases #Security Patch Updates for 11 Vulnerabilities in #Adobe Digital Editions, Framemaker, and Technical Communications Suite thehackernews.com/2018/10/adobe-… Bonus: Updates for Adobe Flash Don’t Include Any Security Fix This Month

#Symfony's secret fragments: Learn how a configuration problem leads to Remote code Execution on Symfony-based applications : ambionics.io/blog/symfony-s…

Introducing sshimpanzee, a reverse shell made by Titouan Lazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies : blog.lexfo.fr/sshimpanzee.ht…

Our researchers found a pre-auth RCE on #Fortigate SSL VPN. Stay tuned for the blogpost ! (CVE-2023-27997)

New blogpost by matya ! Discover step by step how we created a Python tool to process large volume of credentials stolen by infostealers! 1/2 bit.ly/3SiNaOw

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

We’re glad to announce we released Soxy!🚀 A Rust-powered suite of services for Citrix, VMware Horizon & Windows RDP. Red teams & pentesters can use it to pivot for deeper access. Get the tool and more details: 🔗 github.com/airbus-seclab/…

GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts : an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Checkout our blog post: blog.lexfo.fr/glpi-sql-to-rc….

🚨 New exploit released 🚨 Converts limited PHP code execution into WordPress administrator account creation & login. CVE-2025-13486 (ACF Extended) 🔗 github.com/whattheslime/C…

meet VMkatz, github.com/nikaiw/VMkatz

Après 4 ans d'absence, BeeRumP revient ! 🍻 Le concept : des rumps (~10min) et de la bière à volonté, l'occasion de présenter des projets perso avec humour ! La soirée aura lieu dans les locaux d'Epita à Paris, le vendredi 19 juin. Envoyez vos rumps à [email protected] :)

Thanks to the Wordfence team for the bounty! 🙏 A blogpost with detection method and exploitation script will soon be released on blog.lexfo.fr — stay tuned Lexfo Ambionics Security 👀

Check out my first article on Lexfo's blog about a critical vulnerability I found in Ninja Forms File Uploads! (CVE-2026-0740) Python exploit script also available on GitHub: 👉 github.com/whattheslime/C… FOFA Hunter

Congratulations to our pentester nol on placing 2nd in the Web Senior category at the #FCSC2026 qualifications, with a score of 3,616 points. This kind of result speaks for itself. Best of luck for the next rounds! 🍀 #CTF #Cybersecurity

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin Estimated 50,000 WordPress sites are affected and should update to version 3.3.27 immediately. A critical vulnerability (CVE-2026-0740, CVSS 9.8) allows unauthenticated attackers to upload