Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Russia-linked phishing attacks targeting NGOs with ties to Ukraine ask victims to join a video call, and result in them gaining access to Microsoft 365 accounts,
April 22nd, 2025 (about 2 months ago)
|
|
Description: Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2). [...]
April 22nd, 2025 (about 2 months ago)
|
|
Description: A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.
April 22nd, 2025 (about 2 months ago)
|
|
Description: A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. [...]
April 22nd, 2025 (about 2 months ago)
|
|
Description: Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
April 22nd, 2025 (about 2 months ago)
|
|
April 21st, 2025 (about 2 months ago)
|
|
Description: Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
"In some systems, initial access was gained through
April 21st, 2025 (about 2 months ago)
|
|
Description: Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]
April 21st, 2025 (about 2 months ago)
|
|
Description: Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. [...]
April 19th, 2025 (about 2 months ago)
|
|
Description: Microsoft has announced that support for Office 2016 and Office 2019 will officially end on October 14, 2025, prompting organizations to begin planning their migration to Microsoft 365 Apps. The company emphasizes that continuing to use these legacy versions after the deadline could result in missing critical security updates and experiencing connectivity issues with Microsoft …
The post Microsoft Sets October 2025 Deadline to Replace Office 2016 and 2019 appeared first on CyberInsider.
April 18th, 2025 (about 2 months ago)
|