CVE-2025-24034 |
Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
CVSS: LOW (3.2) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
CVE-2024-43571 |
Description: Sudo for Windows Spoofing Vulnerability
CVSS: MEDIUM (5.6) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
CVE-2024-43570 |
Description: Windows Kernel Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.4) EPSS Score: 0.06%
January 24th, 2025 (5 months ago)
|
CVE-2024-26257 |
Description: Microsoft Excel Remote Code Execution Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
CVE-2024-26193 |
Description: Azure Migrate Remote Code Execution Vulnerability
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
Description: Sophos noted more than 15 attacks have been reported during the past three months.
January 21st, 2025 (5 months ago)
|
Description: Microsoft has announced that Game Assist, its recently unveiled in-game browser, is now also available in preview for Microsoft Edge Stable users. [...]
January 21st, 2025 (5 months ago)
|
Description: Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and installing malware that provides access to the company network. [...]
January 21st, 2025 (5 months ago)
|
Description: Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. [...]
January 20th, 2025 (5 months ago)
|