Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Description: Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. [...]
Source: BleepingComputer
March 16th, 2025 (3 months ago)
Threat Actor Impersonates Booking.com in Phishing Scheme
Description: Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.
Source: Dark Reading
March 14th, 2025 (3 months ago)
Week-long Exchange Online outage causes email failures, delays
Description: Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...]
Source: BleepingComputer
March 14th, 2025 (3 months ago)

CVE-2024-48938
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied...
Description: Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

EPSS Score: 0.25%

SSVC Exploitation: none

Source: CVE
March 14th, 2025 (3 months ago)
Microsoft apologizes for removing VSCode extensions used by millions
Description: Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. [...]
Source: BleepingComputer
March 13th, 2025 (3 months ago)
Windows Notepad to get AI text summarization in Windows 11
Description: Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. [...]
Source: BleepingComputer
March 13th, 2025 (3 months ago)
Microsoft says button to restore classic Outlook is broken
Description: ​Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. [...]
Source: BleepingComputer
March 13th, 2025 (3 months ago)
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Description: Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's
Source: TheHackerNews
March 13th, 2025 (3 months ago)
ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Description: Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]
Source: BleepingComputer
March 13th, 2025 (3 months ago)
Microsoft patches Windows Kernel zero-day exploited since 2023
Description: Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. [...]
Source: BleepingComputer
March 12th, 2025 (3 months ago)