Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.
January 8th, 2025 (3 months ago)
|
CVE-2024-55414 |
Description: A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2024-55413 |
Description: A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
|
Description: Microsoft Bing is displaying what is being categorized as a misleading Google-esque search page when users search for Google, making it look you are on the competing search engine. [...]
January 6th, 2025 (3 months ago)
|
|
|
Description: In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout
January 6th, 2025 (3 months ago)
|
|
|
Description: Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...]
January 5th, 2025 (3 months ago)
|
|
|
Description: Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
"We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program
January 3rd, 2025 (4 months ago)
|
|
|
Description: Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML
January 2nd, 2025 (4 months ago)
|
|
|
Description: Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
"Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
December 31st, 2024 (4 months ago)
|
|
|
Description: Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. [...]
December 30th, 2024 (4 months ago)
|