CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21171
.NET Remote Code Execution Vulnerability
Description: .NET Remote Code Execution Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)
Microsoft: January Windows security updates break audio playback
Description: ​Microsoft has confirmed that the January 2025 Windows security updates are breaking audio playback on some systems with external DACs (digital-to-analog converters). [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)
Microsoft Teams phishing attack alerts coming to everyone next month
Description: Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)

CVE-2024-35995
ACPI: CPPC: Use access_width over bit_width for system memory accesses
Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BI...

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (5 months ago)
Microsoft to deprecate WSUS driver synchronization in 90 days
Description: Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now. [...]
Source: BleepingComputer
January 24th, 2025 (5 months ago)
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Description: Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]
Source: BleepingComputer
January 24th, 2025 (5 months ago)
2025 State of SaaS Backup and Recovery Report
Description: The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this
Source: TheHackerNews
January 24th, 2025 (5 months ago)

CVE-2025-24034
Himmelblau leaks credentials in the debug log
Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

CVSS: LOW (3.2)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2024-43571
Sudo for Windows Spoofing Vulnerability
Description: Sudo for Windows Spoofing Vulnerability

CVSS: MEDIUM (5.6)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2024-43570
Windows Kernel Elevation of Privilege Vulnerability
Description: Windows Kernel Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
January 24th, 2025 (5 months ago)