Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21355
Microsoft Bing Remote Code Execution Vulnerability
Description: Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: CVE
February 20th, 2025 (2 months ago)

CVE-2025-21355
CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability
Description: CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: DarkWebInformer
February 19th, 2025 (2 months ago)
A Threat Actor Claims to be Selling Access to SMTP Spammers Database Through Microsoft Graph API
Description: A Threat Actor Claims to be Selling Access to SMTP Spammers Database Through Microsoft Graph API
Source: DarkWebInformer
February 19th, 2025 (2 months ago)
Macro Security for Microsoft Office
Description: Why macros are a threat, and the approaches you can take to protect your systems.
Source: NCSC Alerts and Advisories
February 19th, 2025 (2 months ago)
Microsoft reminds admins to prepare for WSUS driver sync deprecation
Description: Microsoft once again reminded IT administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, just 60 days from now. [...]
Source: BleepingComputer
February 18th, 2025 (2 months ago)
Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild
Description: Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Source: Dark Reading
February 18th, 2025 (2 months ago)
Chinese hackers abuse Microsoft APP-v tool to evade antivirus
Description: The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. [...]
Source: BleepingComputer
February 18th, 2025 (2 months ago)
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
Description: The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,
Source: TheHackerNews
February 18th, 2025 (2 months ago)
Microsoft to remove the Location History feature in Windows
Description: Microsoft announced the deprecation of the Location History feature from Windows, which let applications like the Cortana virtual assistant to fetch location history of the device. [...]
Source: BleepingComputer
February 17th, 2025 (2 months ago)
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Description: Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to
Source: TheHackerNews
February 17th, 2025 (2 months ago)