Threat and Vulnerability Intelligence Database

Example Searches:

	Microsoft Study Finds AI Makes Human Cognition “Atrophied and Unprepared” Description: Researchers find that the more people use AI at their job, the less critical thinking they use. Source: 404 Media February 10th, 2025 (2 months ago)
	Microsoft raises rewards for Copilot AI bug bounty program Description: Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...] Source: BleepingComputer February 10th, 2025 (2 months ago)
	Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE Description: Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection. Source: Dark Reading February 7th, 2025 (2 months ago)
	Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Description: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...] Source: BleepingComputer February 7th, 2025 (2 months ago)
	Microsoft shares workaround for Windows security update issues Description: Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...] Source: BleepingComputer February 7th, 2025 (2 months ago)
	Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection Description: Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET Source: TheHackerNews February 7th, 2025 (2 months ago)
	Microsoft Edge update adds AI-powered Scareware Blocker Description: Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...] Source: BleepingComputer February 7th, 2025 (2 months ago)
	Microsoft Warns of Code Injection via Exposed ASP.NET Keys Description: Microsoft Threat Intelligence has identified a security risk involving publicly available ASP.NET machine keys, which have been exploited in code injection attacks. Microsoft’s security researchers observed limited malicious activity in December 2024, when a threat actor leveraged a publicly disclosed ASP.NET machine key to perform a ViewState code injection attack. During the investigation, Microsoft found … The post Microsoft Warns of Code Injection via Exposed ASP.NET Keys appeared first on CyberInsider. Source: CyberInsider February 7th, 2025 (2 months ago)
	Microsoft says attackers use exposed ASP.NET keys to deploy malware Description: Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...] Source: BleepingComputer February 6th, 2025 (2 months ago)
	Critical RCE bug in Microsoft Outlook now exploited in attacks Description: CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...] Source: BleepingComputer February 6th, 2025 (2 months ago)