Threat and Vulnerability Intelligence Database

Example Searches:

	Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts Description: Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas Source: TheHackerNews February 14th, 2025 (4 months ago)
	FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux Description: Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university, Source: TheHackerNews February 13th, 2025 (4 months ago)
CVE-2025-25199	[github.com/microsoft/go-crypto-winnative] go-crypto-winnative BCryptGenerateSymmetricKey memory leak Description: Calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time. References https://github.com/microsoft/go-crypto-winnative/security/advisories/GHSA-29c6-3hcj-89cf https://nvd.nist.gov/vuln/detail/CVE-2025-25199 https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 https://github.com/advisories/GHSA-29c6-3hcj-89cf EPSS Score: 0.04% Source: Github Advisory Database (Go) February 12th, 2025 (4 months ago)
	Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries Description: A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the Source: TheHackerNews February 12th, 2025 (4 months ago)
	Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally Description: Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world. Source: Dark Reading February 12th, 2025 (4 months ago)
	New FinalDraft Malware Uses Microsoft Outlook for Espionage Description: Elastic Security Labs has identified a new malware family named FinalDraft, that uses Microsoft’s Graph API to communicate through Outlook email drafts, allowing attackers to bypass traditional network monitoring. The malware is part of a sophisticated cyber-espionage campaign and includes a custom loader, a backdoor, and multiple post-exploitation modules targeting a foreign ministry. Elastic Security … The post New FinalDraft Malware Uses Microsoft Outlook for Espionage appeared first on CyberInsider. Source: CyberInsider February 12th, 2025 (4 months ago)
	Podcast: AI Is Breaking Our Brains Description: This week we discuss a new Microsoft study that finds using generative AI is "atrophying" people's cognition and critical thinking skills, the right's war on Wikipedia, and, in the subscriber's section, the idea of posting against fascism. Source: 404 Media February 12th, 2025 (4 months ago)
	Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation Description: Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge Source: TheHackerNews February 12th, 2025 (4 months ago)
	February's Patch Tuesday sees Microsoft offer just 63 fixes Source: TheRegister February 12th, 2025 (4 months ago)
	Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws 🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago). Description: Microsoft has released its February 2025 Patch Tuesday update, addressing 55 security vulnerabilities, including two actively exploited zero-day flaws. The update includes fixes for elevation of privilege vulnerabilities in Windows Storage and the Windows Ancillary Function Driver for WinSock, which have been detected in real-world attacks. Zero-days under active exploitation Among the most critical fixes … The post Microsoft February 2025 Patch Tuesday Fixes Two Zero-Day Flaws appeared first on CyberInsider. Source: CyberInsider February 11th, 2025 (4 months ago)