Threat and Vulnerability Intelligence Database

Description: The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don't typically monitor.
Source: Dark Reading
February 25th, 2025 (about 2 months ago)
Description: Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. [...]
Source: BleepingComputer
February 25th, 2025 (about 2 months ago)
Description: Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. [...]
Source: BleepingComputer
February 25th, 2025 (about 2 months ago)
Description: Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.  The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,
Source: TheHackerNews
February 25th, 2025 (about 2 months ago)

CVE-2024-49035

Description: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-49035, Microsoft Partner Center Improper Access Control Vulnerability; and CVE-2023-34192, Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability. Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vuln...

CVSS: HIGH (8.7)

Source: All CISA Advisories
February 25th, 2025 (about 2 months ago)

CVE-2024-49035

Description: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

CVSS: HIGH (8.7)

Source: CISA KEV
February 25th, 2025 (about 2 months ago)
Description: Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. [...]
Source: BleepingComputer
February 24th, 2025 (about 2 months ago)
Description: A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials. [...]
Source: BleepingComputer
February 24th, 2025 (about 2 months ago)
Description: Protecting identities has become a top priority for security teams. However, many organizations remain exposed due to blind spots caused by identity sprawl and misplaced trust in identity providers. This blog explores why traditional security measures fall short, how AI-driven attackers are escalating identity threats, and why a proactive, identity-first approach is the only way forward. The identity security game has changed—not just because attackers are inventing new exploits, but because we’ve unintentionally made their job easier. Identity sprawl has opened the doors wide, effectively giving attackers their own “golden ticket” —pun intended— to target what is arguably an organization’s most valuable asset: its identities. Remember when an employee only needed one corporate login and a handful of permissions to access the applications and resources they needed to get their job done? Today, every worker, contractor, service account and even every IoT device is entangled in a complex web of permissions spread across multiple identity providers (IDPs), spanning directory services, such as Microsoft’s Active Directory (AD) and Entra ID; cloud services; SaaS apps; and remote access tools. The rise of IoT has further compounded this challenge by introducing machine identities that seamlessly interact across these environments, increasing both operational complexity and security risks. Identity sprawl is now a major challenge for organizations, with 57% of security professional...
Source: Tenable Blog
February 24th, 2025 (about 2 months ago)

CVE-2025-1488

Description: The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation of the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured.

CVSS: MEDIUM (4.7)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (about 2 months ago)