Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Novel phising campaign uses corrupted Word documents to evade security
Description: A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. [...]
Source: BleepingComputer
December 2nd, 2024 (5 months ago)
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Description: Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
Source: TheHackerNews
November 29th, 2024 (5 months ago)
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Description: Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
Source: TheHackerNews
November 29th, 2024 (5 months ago)
Microsoft re-releases Exchange updates after fixing mail delivery
Description: ​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Microsoft says it's not using your Word, Excel data for AI training
Description: ​Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Microsoft Finally Releases Recall as Part of Windows Insider Preview
Description: The preview version now includes multiple security-focused additions Microsoft had promised to add, such as SecureBoot, BitLocker, and Windows Hello.
Source: Dark Reading
November 27th, 2024 (5 months ago)
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
Description: The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
Source: TheHackerNews
November 27th, 2024 (5 months ago)