#Michelin CERT was credited for CVE-2025-53072 and CVE-2025-62481, two pre-auth RCEs affecting #Oracle E-Business. Both are easy to exploit. Immediate remediation is advised. #security @BleepinComputer @watchtowrcyber

Little introduction for my next talk @hack_lu , this article, co-authored with @cousky_ present all details of the full exploit chain that impacted Palo Alto global protect :

Palo Alto GlobalProtect : Remote Full Compromise Exploit Chain

Michelin CERT striked back. A regression in #PaloAlto Global Protect (CVE-2025-2183) allowed to fully compromise remotely the workstation. All details will be revealed during my talk at @hack_lu.

Excited to be a speaker at @hack_lu! Looking forward to discussing vulnerabilities in VPN clients 🇱🇺 #hacklu #cybersecurity

🚨 Michelin Red Team starting the year with a bang! Multiple vulnerabilities discovered in VMware Aria Operations (CVE-2025-22218, 22219, 22220, 22221, 22222) 🔥 Time to patch and stay sharp! 🔗 VMware Advisory: https://t.co/JVKX1L0EXQ #CyberSecurity #RedTeam #VMware #CVE2025

I guess somebody was thinking outside... the... sand... box! "Compromised renderer can control your mouse and escape sbx" https://t.co/8OWneoaTKi

A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00. https://t.co/nx05pyySC9

Did you know that Java code can be injected into a multiline comment using Unicode escapes (\uXXXX)? It appears as a comment but executes as code. Attackers can use this technique to hide backdoors. Test it yourself to "reveal a hidden message": https://t.co/a3lI6oeV1A

#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!! https://t.co/O0i0vGUr8s

Get your mind off the cold 🥶 & check out our new blog post! In it, our @bemodtwz extends @maxenceschmitt's research - giving details on using Eval Villain to find & exploit #CSPT vulnerabilities in modern apps. https://t.co/HAKD2QGMT8 #doyensec #appsec #bugbountytips #Security

🚀 Big Announcement! 🚀 After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨ To celebrate, I’m gifting 5 free copies to random retweeters! 🔥 👉 Retweet for a chance to win Thank you all for your incredible support! 🙌

CERTFR-2024-AVI-1027: Multiples vulnérabilités dans VMware Aria Operations https://t.co/372xW3odAB

#Michelin CERT was also acknowledged for discovering CVE-2024-38832 and CVE-2024-38833, which affect VMware Aria Operations. Additional vulnerabilities are still undergoing the disclosure process. https://t.co/zkGj9CjqTQ #security #bugbounty @cousky_

#Michelin CERT was acknowledged for identifying CVE-2024-5921, which impacts #PaloAlto GlobalProtect. A detailed report was sent to their PSIRT team on February 26th, demonstrating how to impersonate a legitimate portal and fully compromise a workstation. #security @cousky_

Project Zero blog: LLMs find 0days now! 👀 And: our fuzzer setup did *not* reproduce it! https://t.co/xz6j2fzrWe

Okta allowing login bypass for any usernames with 52+ characters is insane Official Security Advisory: https://t.co/3b4v30q53z

Omg … reading this report by @Horizon3Attack on PaloAlto‘s Expedition RCE CVE-2024-9464 (and others) seriously shakes any remaining trust in their software. Every chapter feels like a slap in their face. https://t.co/LOg490bfEL

if your commercial app can be owned with this one simple line, then you deserve all the hate. @PaloAltoNtwks this is just, wow I'm lost for words here.

From HTTP request to ROP chain in Node.js! 🔥 Our latest blog post explains how to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only: https://t.co/Yw89oZhv32