Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
Description: Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The
Source: TheHackerNews
December 4th, 2024 (6 months ago)
Microsoft Boosts Device Security With Windows Resiliency Initiative
Description: Microsoft is readying a new release of Windows in 2025 that will have significant security controls such as more resilient drivers and "self-defending" operating system kernel.
Source: Dark Reading
December 2nd, 2024 (6 months ago)
Novel phising campaign uses corrupted Word documents to evade security
Description: A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. [...]
Source: BleepingComputer
December 2nd, 2024 (6 months ago)
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Description: Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
Source: TheHackerNews
November 29th, 2024 (6 months ago)
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Description: Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
Source: TheHackerNews
November 29th, 2024 (6 months ago)
Microsoft re-releases Exchange updates after fixing mail delivery
Description: ​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Source: BleepingComputer
November 27th, 2024 (6 months ago)
Microsoft says it's not using your Word, Excel data for AI training
Description: ​Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...]
Source: BleepingComputer
November 27th, 2024 (6 months ago)
Microsoft Finally Releases Recall as Part of Windows Insider Preview
Description: The preview version now includes multiple security-focused additions Microsoft had promised to add, such as SecureBoot, BitLocker, and Windows Hello.
Source: Dark Reading
November 27th, 2024 (6 months ago)
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
Description: The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
Source: TheHackerNews
November 27th, 2024 (6 months ago)