Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Who's Afraid of AI Risk in Cloud Environments?
Description: The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.With AI bursting out all over these are exhilarating times. The use by developers of self-managed AI tools and cloud-provider AI services is on the rise as engineering teams rush to the AI front. This uptick and the fact that AI models are data-thirsty — requiring huge amounts of data to improve accuracy and performance — means increasingly more AI resources and data are in cloud environments. The million dollar question in the cybersecurity wheelhouse is: What is AI growth doing to my cloud attack surface?The Tenable Cloud AI Risk Report 2025 by Tenable Cloud Research revealed that AI tools and services are indeed introducing new risks. How can you prevent such risks?Let’s look at some of the findings and related challenges, and at proactive AI risk reduction measures within easy reach.Why we conducted this researchUsing data collected over a two-year period, the Tenable Cloud Research team analyzed in-production workloads and assets across cloud and enterprise environments — including Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). We sought to understand adoption levels of AI development tooling and frameworks, and AI services, and carry out a reality check on any emerging sec...
Source: Tenable Blog
March 26th, 2025 (24 days ago)
Microsoft: Recent Windows updates cause Remote Desktop issues
Description: Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025. [...]
Source: BleepingComputer
March 26th, 2025 (24 days ago)
Windows 11 update breaks Veeam recovery, causes connection errors
Description: Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. [...]
Source: BleepingComputer
March 26th, 2025 (24 days ago)
EncryptHub linked to zero-day attacks targeting Windows systems
Description: A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. [...]
Source: BleepingComputer
March 25th, 2025 (25 days ago)
New Android malware uses Microsoft’s .NET MAUI to evade detection
Description: New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. [...]
Source: BleepingComputer
March 25th, 2025 (25 days ago)
Microsoft Gives Security Copilot Some Autonomy
Description: New agentic AI capabilities in Microsoft Security Copilot will allow agents to triage threats and provide recommendations.
Source: Dark Reading
March 25th, 2025 (25 days ago)
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Description: Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.
Source: TheHackerNews
March 25th, 2025 (25 days ago)
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
Description: Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET
Source: TheHackerNews
March 25th, 2025 (25 days ago)
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Description: Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to
Source: TheHackerNews
March 24th, 2025 (26 days ago)
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Description: Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn't always enough. Don't let threats persist in your cloud data. Strengthen your defenses. [...]
Source: BleepingComputer
March 24th, 2025 (26 days ago)