Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. [...]
April 19th, 2025 (about 22 hours ago)
|
|
Description: Microsoft has announced that support for Office 2016 and Office 2019 will officially end on October 14, 2025, prompting organizations to begin planning their migration to Microsoft 365 Apps. The company emphasizes that continuing to use these legacy versions after the deadline could result in missing critical security updates and experiencing connectivity issues with Microsoft …
The post Microsoft Sets October 2025 Deadline to Replace Office 2016 and 2019 appeared first on CyberInsider.
April 18th, 2025 (2 days ago)
|
|
🚨 Marked as known exploited on April 18th, 2025 (3 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
CVSS: MEDIUM (6.5)
April 18th, 2025 (3 days ago)
|
CVE-2025-24054 |
Description: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (6.5)
April 17th, 2025 (3 days ago)
|
|
Description: Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. [...]
April 17th, 2025 (3 days ago)
|
|
Description: Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. [...]
April 17th, 2025 (3 days ago)
|
|
Description: Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration.
The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
April 17th, 2025 (3 days ago)
|
|
Description: The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
April 16th, 2025 (4 days ago)
|
|
Description: Microsoft has issued a warning about a surge in cyberattacks leveraging Node.js to deliver malware and steal sensitive information. Since October 2024, its Defender Experts team has observed multiple campaigns using Node.js in novel ways to evade detection and persist in compromised environments. The findings come from a detailed analysis by Microsoft's Defender for Endpoint …
The post Microsoft: Node.js Increasingly Used for Malware Delivery and Data Theft appeared first on CyberInsider.
April 16th, 2025 (4 days ago)
|
|
Description: Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages.
"Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in
April 16th, 2025 (4 days ago)
|