Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate
Source: TheHackerNews
April 1st, 2025 (18 days ago)
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

EPSS Score: 0.09%

Source: TheHackerNews
March 28th, 2025 (22 days ago)
Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Mozilla has patched a critical sandbox escape vulnerability in Firefox that shares key traits with a zero-day actively exploited in Google Chrome as part of an ongoing espionage campaign. The vulnerability, tracked as CVE-2025-2857, affects Firefox on Windows and has been fixed in versions 136.0.4, ESR 128.8.1, and ESR 115.21.1. The flaw was discovered by … The post Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks appeared first on CyberInsider.

EPSS Score: 0.09%

Source: CyberInsider
March 27th, 2025 (23 days ago)
Google Patches Actively Exploited Chrome Zero-Day Used in Espionage Campaign
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Google has released a security update for Chrome to address a high-severity zero-day vulnerability that was actively exploited in a sophisticated espionage campaign targeting Russian organizations. The flaw was discovered by Kaspersky researchers who linked the exploitation to a broader attack dubbed Operation ForumTroll. According to their analysis, the campaign began in mid-March 2025, when … The post Google Patches Actively Exploited Chrome Zero-Day Used in Espionage Campaign appeared first on CyberInsider.
Source: CyberInsider
March 26th, 2025 (24 days ago)
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

EPSS Score: 1.63%

Source: TheHackerNews
March 26th, 2025 (24 days ago)
CISA tags NAKIVO backup flaw as actively exploited in attacks
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. [...]
Source: BleepingComputer
March 20th, 2025 (29 days ago)
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

EPSS Score: 90.8%

Source: TheHackerNews
March 20th, 2025 (30 days ago)
Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: A critical Windows zero-day vulnerability is being actively exploited by state-sponsored hacking groups, yet Microsoft has opted not to release a security patch. The flaw, which allows attackers to execute hidden commands using malicious shortcut (.lnk) files, has been leveraged in espionage campaigns since at least 2017. Widespread exploitation, no patch in sight The Trend … The post Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability appeared first on CyberInsider.
Source: CyberInsider
March 18th, 2025 (about 1 month ago)
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Source: TheRegister
March 18th, 2025 (about 1 month ago)
Critical RCE flaw in Apache Tomcat actively exploited in attacks
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

EPSS Score: 93.55%

Source: BleepingComputer
March 17th, 2025 (about 1 month ago)