Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]
February 15th, 2025 (2 months ago)
|
|
|
February 15th, 2025 (2 months ago)
|
|
|
Description: A newly discovered phishing campaign targeting Microsoft 365 accounts has been attributed to Russian-linked threat actors, leveraging an advanced technique known as device code authentication phishing. Reports from both Microsoft and cybersecurity firm Volexity indicate that multiple groups have been exploiting this method since mid-2024, targeting government agencies, NGOs, defense organizations, and private companies across …
The post Hackers Use Device Code Phishing to Hijack Microsoft 365 Accounts appeared first on CyberInsider.
February 14th, 2025 (2 months ago)
|
|
|
Description: Microsoft has fixed a known issue causing "boot device inaccessible" errors during startup on some Windows Server 2025 systems using iSCSI. [...]
February 14th, 2025 (2 months ago)
|
|
|
Description: The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy.
"RansomHub has targeted over 600 organizations globally, spanning sectors
February 14th, 2025 (2 months ago)
|
|
|
Description: Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
February 14th, 2025 (2 months ago)
|
|
|
Description: Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
February 13th, 2025 (2 months ago)
|
CVE-2025-25199 |
Description: Calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time.
References
https://github.com/microsoft/go-crypto-winnative/security/advisories/GHSA-29c6-3hcj-89cf
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41
https://github.com/advisories/GHSA-29c6-3hcj-89cf
EPSS Score: 0.04%
February 12th, 2025 (2 months ago)
|
|
|
Description: A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.
"This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the
February 12th, 2025 (2 months ago)
|
|
|
Description: Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.
February 12th, 2025 (2 months ago)
|