A pre-auth RCE combining 2 critical vulnerabilities on the Production Environment extension of the PHP low-code website generator ScriptCase has been found by @noraj_rawsec and cabir. No upstream fix yet, please apply the workaround.

Our experts took the stage at @passthesaltcon yesterday and this morning to present their latest offensive security research and tools! Keycloak, named pipes MITM and more! Slides and recordings coming soon 👀

🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now!

All trainings are 5 intensive days, highly technical and heavy on labs! Active Directory with 30+ machines, multi‑cloud (AWS/GCP/Azure + Kubernetes), full web stacks (PHP, Java, .NET), and more!.

Looking for hands‑on trainings for the end of the year? Synacktiv launches S2 sessions starting September in Paris (French) & online (English, Paris/New York hours)! Secure your seat now!

There are still seats available for our "iOS for Security Engineers" training at #HEXACON2025! Book it while it's hot 😉.Conference tickets are also still available if you register for a training.

RT @hexacon_fr: We've already received many high-quality submissions to our CFP, thank you! 🚀. Don't miss your chance to submit before July….

RT @0xf4b: Plenty of time left, no excuse for not submitting!.

RT @cfreal_: lightyear just got 6 times faster!. Although I now work at @Synacktiv, I proposed a PR for the tool to support threading and c….

RT @exploitsclub: Another Week, Another EXPLOITS CLUB 📰. ---.🎉 Binja giveaway: sign up to support the newsletter 🎉.---. Tesla wall charger….

RT @TheOffensiveX: Renaud Feil, CEO and co-founder of @Synacktiv, is on stage at Offensive X. Renaud, our keynote speaker, is diving deep i….

This Saturday, June 21st, the @MidnightFlag CTF final will take place at ESNA near Rennes 🏆.Come and support the players! Good luck to all participants 💪

RT @_SaxX_: 🚨🗺️CYBERALERT - MONDE🔴 | @Synacktiv -un fleuron de la cybersécurité offensive en France🇫🇷- a découvert une vulnérabilité criti….

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up.

RT @happygeek: By me @Forbes: You have patched CVE-2025-33073 already, right? Riiiight? #kudos @Synacktiv . #infosec. .

RT @l4x4: You can read the technical details of an authentication bypass I discovered with my colleague @alexisdanizan on SAP FC.

RT @TheOffensiveX: OffensiveX 2025 Trainings are LIVE!. Day 1 of #OffensiveX 2025 trainings is over and the action started strong with two….

While performing penetration tests on SAP Financial Consolidation, our ninjas @l4x4 and @alexisdanizan discovered an authentication bypass for local accounts including the built-in ADMIN account, leading to the underlying system compromise:

RT @x33fcon: "Owning #SCCM: A Journey from #Research to Critical Discovery" presented by @kalimer0x00 - #x33fcon #windows #red - https://t.….