The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/

#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity

Security Advisories: Entra ID & Tenable Nessus Manager | usd AG

Our penetration testing professionals have identified critical vulnerabilities in Entra ID and Tenable Nessus Manager. Learn more.

more security. usd AG

Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.

All #vulnerabilities were responsibly reported to the vendors.

👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/

#Kofax #InfoSec #CyberSecurity #Pentesting #AppSec #Hacking

Security Advisories: Kofax Communication Server & ArcGIS | usd AG

Our penetration testing professionals have identified critical vulnerabilities in Kofax Communication Server and ArcGIS Arcade. Learn more here.


Want to know how to write and distribute #SecurityAdvisories that can be parsed and processed automatically?

Freshly announced are this year's workshops for the Common Security Advisory Framework (#CSAF). They will be held in Nuremberg, Germany, November 10th to 12th.

See https://www.csaf.io/workshops/2025/
(right after this are the CSAF Community-Days).

Workshops 2025

Unauthenticated RCE in Agorum Core Open!

During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.

They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/

#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec

Security Advisories on Agorum Core Open | usd AG

Our colleagues discovered critical vulnerabilities in Agorum Core Open that could be exploited to compromise the entire system.

🔍 Our professionals at the usd HeroLab have closely examined the software #Vtiger. They discovered two vulnerabilities that allow low-privileged authorized users to upload files and thereby execute arbitrary code.

👉 You can find more information in the full security advisories: https://www.usd.de/en/security-advisories-vtiger/

#SecurityAdvisories #Pentest #Pentesting #moresecurity

Security Advisories on Vtiger | usd AG

Read more about two identified vulnerabilities in the software Vtiger that allow low-privileged authorized users to upload files and execute arbitrary code.


Here’s a collection of the #SecurityAdvisories that I’ve published over the years:

https://github.com/0xdea/advisories

If you’re interested in #VulnerabilityResearch and #ExploitDevelopment, on @github and on the @hnsec blog you can also find a trilogy of talks on these topics that I delivered between 2019 and 2021:

https://github.com/0xdea/raptor_infiltrate19

https://github.com/0xdea/raptor_infiltrate20

https://github.com/0xdea/raptor_romhack21

I hope you’ll enjoy them!

GitHub - 0xdea/advisories: A collection of my public security advisories.

A collection of my public security advisories. Contribute to 0xdea/advisories development by creating an account on GitHub.

Does anyone know if it's possible to sign up to get CISA's Directives? I'm already signed up for the daily Advisories and weekly Bulletins, but there are lots of them, and I'd like to get a separate feed of just industry-wide critical responses.
#cisa #incidentresponse #SecurityAdvisories

📢#CVE202237955: The #usdHeroLab analysts identified a vulnerability in Microsoft Windows Group Policy Updates that leads to Improper Link Resolution Before File Access (Privilege Escalation CWE-59)
👇 💻
https://herolab.usd.de/security-advisories/usd-2022-0034/

#itsecurity #cve #SecurityAdvisories #zeroday #Microsoft #cybersecurity

Security Advisory usd-2022-0034 | usd HeroLab

Advisory ID: usd-2022-0034 | Product: Microsoft Windows | Vulnerability Type: Improper Link Resolution Before File Access (CWE-59)


Hello Fediverse! We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission, which underlines every step we take. The exchange of knowledge with the community is important to us, because #moresecurity can reach its full potential with many comrades joining the mission.

Follow us for exciting IT security Content.

#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity