Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-eq…

PagedOut! #6 magazine is out! This edition features two articles from our ninjas: - Implicit Unicode behaviors in database string functions - Calling Rust from Python: A story of bindings Dive into their insights here: pagedout.institute

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. F4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…

Get an inside look at how IoT security can be breached, even with top defences in place. 🔍Pwn2Own 2024 case study reveals how creative thinking and deep technical skills expose vulnerabilities in modern embedded systems Join Creased at #hw_ioUSA2025 👉hardwear.io/usa-2025/speak…

Lets gooo!! 🚀🔥 About 100 challenges in all the categories! Join us and test your CTF skills! 🔗 fcsc.fr

The FastCGI library, mostly used in embedded equipment, was vulnerable for decades to an integer overflow over the IPC socket in 32-bits architecture. Check out how Shiro found it and exploited it for RCE! synacktiv.com/en/publication…

🇬🇧 Offensive security at its finest 💥 Proud to count Synacktiv as a Platinum sponsor ⚪! French leader in pentest, reverse & incident response, with 200+ experts across 6 cities. 🔗 synacktiv.com #leHACK #Sponsors

Boom! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own

Successfully Completed Day 1 of #hw_ioUSA2025 #TEE , #SecureBoot, #RF & lots of learnings .... #hw_io

Day2 Training has started of hw_ioUSA2025 ! #BLE #ICReverseEngineering #hypervisor #hw_io

Are you ready for an amazing #hw_ioUSA2025 🤘

It’s a warning ⚠️ IoT devices with serious security postures are still vulnerable if developers miss subtle flaws like blind format string bugs 🎙️Baptiste Moine at #hw_ioUSA2025 will show how he went from firmware extraction to RCE on a hardened device 👉hardwear.io/usa-2025/speak…

Switch 2 factory firmware spotted in the wild gbatemp.net/threads/671975/

First userland ropchain exploit on the Switch 2 Source: bsky.app/profile/retr0.…

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

#ECSC2025 | 🐓 Découvrez la #TeamFrance 2025 ! 🇫🇷 Sélectionnés à l'issue du FCSC, les joueurs de la ECSC Team France représenteront la drapeau tricolore à Varsovie, en Pologne, dans le cadre de l'European Cybersecurity Challenge. 🔔 RDV en octobre ! PS: #YouAreAllWinners

🇬🇧 🏆 Wargame Top 3 – #leHACK 2025 🥇 Pepito 🥈 EternalBlue 🥉 Azgar Huge congrats to the winners & all night-time warriors! 🙏 Thanks Lab401 for the macobox gifted to Team Pepito 💥 #CTF #Wargame #infosec

While performing security research on IoT control applications, Areizen and Cyp discovered critical vulnerabilities in the mobile app for the Eachine E58 drone. These flaws could potentially lead to remote code execution on the user's smartphone. synacktiv.com/en/publication…

🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja Remsio studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…

Ever thought your kitchen appliance could harbor a persistent threat? We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass. Discover our step-by-step breakdown! synacktiv.com/en/publication…