Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
🚨 Marked as known exploited on April 18th, 2025 (about 2 months ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
CVSS: MEDIUM (6.5)
April 18th, 2025 (about 2 months ago)
|
CVE-2025-24054 |
Description: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVSS: MEDIUM (6.5)
April 17th, 2025 (about 2 months ago)
|
|
Description: ​​Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. [...]
April 17th, 2025 (about 2 months ago)
|
|
Description: Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. [...]
April 17th, 2025 (about 2 months ago)
|
|
Description: Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration.
The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
April 17th, 2025 (about 2 months ago)
|
|
Description: The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
April 16th, 2025 (about 2 months ago)
|
|
Description: Microsoft has issued a warning about a surge in cyberattacks leveraging Node.js to deliver malware and steal sensitive information. Since October 2024, its Defender Experts team has observed multiple campaigns using Node.js in novel ways to evade detection and persist in compromised environments. The findings come from a detailed analysis by Microsoft's Defender for Endpoint …
The post Microsoft: Node.js Increasingly Used for Malware Delivery and Data Theft appeared first on CyberInsider.
April 16th, 2025 (about 2 months ago)
|
|
Description: Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages.
"Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in
April 16th, 2025 (about 2 months ago)
|
|
Description: Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. [...]
April 16th, 2025 (about 2 months ago)
|
|
Description: Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. [...]
April 16th, 2025 (about 2 months ago)
|