Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity
March 20th, 2025 (about 1 month ago)
|
CVE-2025-21172 |
Description:
Nessus Plugin ID 232847 with High Severity
Synopsis
The remote Windows host is affected by a .NET Core vulnerability
Description
The version of Microsoft .NET 8 Core installed on the remote host is prior to 8.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172) - .NET Elevation of Privilege Vulnerability (CVE-2025-21173) - .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.
Read more at https://www.tenable.com/plugins/nessus/232847
CVSS: HIGH (7.5)
March 19th, 2025 (about 1 month ago)
|
|
Description: Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension.
March 19th, 2025 (about 1 month ago)
|
|
Description: ​Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes. [...]
March 19th, 2025 (about 1 month ago)
|
|
Description: Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...]
March 19th, 2025 (about 1 month ago)
|
|
|
Description: The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.
March 18th, 2025 (about 1 month ago)
|
|
Description: A previously unreported remote access trojan that Microsoft researchers dubbed StilachiRAT is designed to steal a wide range of data, including information about cryptocurrency wallet extensions for Google's Chrome browser.
March 18th, 2025 (about 1 month ago)
|
|
🚨 Marked as known exploited on April 10th, 2025 (10 days ago).
Description: A critical Windows zero-day vulnerability is being actively exploited by state-sponsored hacking groups, yet Microsoft has opted not to release a security patch. The flaw, which allows attackers to execute hidden commands using malicious shortcut (.lnk) files, has been leveraged in espionage campaigns since at least 2017. Widespread exploitation, no patch in sight The Trend …
The post Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability appeared first on CyberInsider.
March 18th, 2025 (about 1 month ago)
|
|
March 18th, 2025 (about 1 month ago)
|
|
Description: An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
March 18th, 2025 (about 1 month ago)
|