Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Microsoft has introduced a new Windows 11 24H2 upgrade block for systems with AutoCAD 2022, addressing compatibility issues that prevent the program from launching. [...]
February 26th, 2025 (3 months ago)
|
|
|
Description: The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don't typically monitor.
February 25th, 2025 (3 months ago)
|
|
|
Description: Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. [...]
February 25th, 2025 (3 months ago)
|
|
|
Description: Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. [...]
February 25th, 2025 (3 months ago)
|
|
|
Description: Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.
The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,
February 25th, 2025 (3 months ago)
|
|
|
Description: Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. [...]
February 24th, 2025 (3 months ago)
|
|
|
Description: A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials. [...]
February 24th, 2025 (3 months ago)
|
|
|
Description: Protecting identities has become a top priority for security teams. However, many organizations remain exposed due to blind spots caused by identity sprawl and misplaced trust in identity providers. This blog explores why traditional security measures fall short, how AI-driven attackers are escalating identity threats, and why a proactive, identity-first approach is the only way forward.The identity security game has changed—not just because attackers are inventing new exploits, but because we’ve unintentionally made their job easier. Identity sprawl has opened the doors wide, effectively giving attackers their own “golden ticket” —pun intended— to target what is arguably an organization’s most valuable asset: its identities. Remember when an employee only needed one corporate login and a handful of permissions to access the applications and resources they needed to get their job done? Today, every worker, contractor, service account and even every IoT device is entangled in a complex web of permissions spread across multiple identity providers (IDPs), spanning directory services, such as Microsoft’s Active Directory (AD) and Entra ID; cloud services; SaaS apps; and remote access tools. The rise of IoT has further compounded this challenge by introducing machine identities that seamlessly interact across these environments, increasing both operational complexity and security risks.Identity sprawl is now a major challenge for organizations, with 57% of security professional...
February 24th, 2025 (3 months ago)
|
|
|
February 21st, 2025 (4 months ago)
|
|
|
February 20th, 2025 (4 months ago)
|