Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Novel phising campaign uses corrupted Word documents to evade security
Description: A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. [...]
Source: BleepingComputer
December 2nd, 2024 (5 months ago)
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Description: Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
Source: TheHackerNews
November 29th, 2024 (5 months ago)
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Description: Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
Source: TheHackerNews
November 29th, 2024 (5 months ago)
Microsoft re-releases Exchange updates after fixing mail delivery
Description: ​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Microsoft says it's not using your Word, Excel data for AI training
Description: ​Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)

CVE-2024-43498
.NET and Visual Studio Remote Code Execution Vulnerability
Description: .NET and Visual Studio Remote Code Execution Vulnerability

CVSS: CRITICAL (9.8)

EPSS Score: 0.16%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-43462
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-43459
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-43451
NTLM Hash Disclosure Spoofing Vulnerability
Description: NTLM Hash Disclosure Spoofing Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 1.33%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-43450
Windows DNS Spoofing Vulnerability
Description: Windows DNS Spoofing Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
November 27th, 2024 (5 months ago)