CVE-2025-27953 |
Description: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
EPSS Score: 0.08%
June 2nd, 2025 (6 days ago)
|
CVE-2025-23104 |
Description: An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|
Description: American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. [...]
June 2nd, 2025 (6 days ago)
|
Description: Spyware maker NSO Group asked a federal judge to reduce the damages it owes to WhatsApp in a case involving 1,400 infected phones, or set up a new trial.
June 2nd, 2025 (6 days ago)
|
🚨 Marked as known exploited on June 2nd, 2025 (6 days ago).
Description: Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller.
Background
Tenable’s Research Special Operations (RSO) and the Identity Content team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed zero-day in Active Directory called BadSuccessor.
FAQ
What is BadSuccessor?
BadSuccessor is the name of a zero-day privilege escalation vulnerability in Active Directory that was discovered and disclosed by Yuval Gordon, a security researcher at Akamai. According to Gordon, the flaw exists in delegated Managed Service Accounts (dMSAs), a service account type in Active Directory (AD) that was introduced in Windows Server 2025 to enable the migration of non-managed service accounts.
What are the vulnerabilities associated with BadSuccessor?
As of June 2, Microsoft had not assigned a CVE identifier for BadSuccessor. Microsoft is the CVE Numbering Authority (CNA) for its products. Since there are currently no patches available for BadSuccessor, no CVE has been assigned. If Microsoft does assign a CVE alongside patches for it, we will update this blog accordingly.
How is BadSuccessor exploited?
To exploit BadSuccessor, an attacker needs to be able to access a user account with specific permissions in AD, and at least one domain controller in the domain needs to be running Windows Server 2025. Based on Akamai’s research, even if an AD do...
June 2nd, 2025 (6 days ago)
|
Description: A new campaign redirects users from gaming sites, social media, and even sponsored ads to fake Booking.com websites designed to infect devices with the dangerous AsyncRAT malware. First spotted by Malwarebytes in mid-May, the campaign exploits travelers searching for hotel deals, using deceptive tactics like fake CAPTCHA forms and clipboard hijacking to convince victims to …
The post Fake Booking.com Sites Trick Visitors Into Installing AsyncRAT Malware appeared first on CyberInsider.
June 2nd, 2025 (6 days ago)
|
Description: Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...]
June 2nd, 2025 (6 days ago)
|
Description: The sites were used for more than a decade by cybercriminals who wanted to test malware against security tools.
June 2nd, 2025 (6 days ago)
|
Description: Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
June 2nd, 2025 (6 days ago)
|
CVE-2025-45542 |
Description: SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
EPSS Score: 0.13% SSVC Exploitation: poc
June 2nd, 2025 (6 days ago)
|