Threat and Vulnerability Intelligence Database

Example Searches:

	Tycoon2FA phishing kit targets Microsoft 365 with new tricks Description: Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. [...] Source: BleepingComputer April 12th, 2025 (about 2 months ago)
CVE-2025-32726	Visual Studio Code Elevation of Privilege Vulnerability Description: Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. CVSS: MEDIUM (6.8) EPSS Score: 0.05% Source: CVE April 12th, 2025 (about 2 months ago)
CVE-2025-29834	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. CVSS: HIGH (7.5) EPSS Score: 0.06% Source: CVE April 12th, 2025 (about 2 months ago)
CVE-2025-29803	Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability Description: Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.3) EPSS Score: 0.06% Source: CVE April 12th, 2025 (about 2 months ago)
	Microsoft total recalls Recall totally to Copilot+ PCs Source: TheRegister April 11th, 2025 (about 2 months ago)
	Microsoft Defender will isolate undiscovered endpoints to block attacks Description: Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. [...] Source: BleepingComputer April 11th, 2025 (about 2 months ago)
	Microsoft starts final Windows Recall testing before rollout Description: Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...] Source: BleepingComputer April 11th, 2025 (about 2 months ago)
	Novel Microsoft Teams Attack Employs Unseen Malware Persistence Method Description: ReliaQuest uncovered a sophisticated malware campaign that begins with Microsoft Teams phishing and escalates into a rare persistence technique involving Type Library (TypeLib) hijacking — a method never previously seen in the wild. The campaign also delivered a newly discovered PowerShell backdoor, targeting finance and professional services sectors with high precision. The investigation was initiated … The post Novel Microsoft Teams Attack Employs Unseen Malware Persistence Method appeared first on CyberInsider. Source: CyberInsider April 11th, 2025 (about 2 months ago)
	Microsoft: Windows 'inetpub' folder created by security fix, don’t delete Description: Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. [...] Source: BleepingComputer April 11th, 2025 (about 2 months ago)
	Microsoft Edge is now up to 9% faster Description: The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. [...] Source: BleepingComputer April 11th, 2025 (about 2 months ago)