Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. [...]
February 17th, 2025 (2 months ago)
|
|
|
Description: More ASUS customers can now install Windows 11 24H2 after applying a BIOS update that resolves blue screen of death (BSOD) issues acknowledged in October. [...]
February 17th, 2025 (2 months ago)
|
|
|
Description: Microsoft has announced the deprecation and eventual removal of the Location History feature in Windows, which allowed applications, including Cortana, to access 24 hours of stored device location data. This change, set to take effect this month, will remove the corresponding settings from the Privacy & Security > Location page in Windows Settings, and location …
The post Microsoft to Deprecate Location History Feature in Windows appeared first on CyberInsider.
February 17th, 2025 (2 months ago)
|
|
|
Description: An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]
February 15th, 2025 (2 months ago)
|
CVE-2025-21401 |
Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS: MEDIUM (4.5) EPSS Score: 0.06%
February 15th, 2025 (2 months ago)
|
|
|
February 15th, 2025 (2 months ago)
|
|
|
Description: A newly discovered phishing campaign targeting Microsoft 365 accounts has been attributed to Russian-linked threat actors, leveraging an advanced technique known as device code authentication phishing. Reports from both Microsoft and cybersecurity firm Volexity indicate that multiple groups have been exploiting this method since mid-2024, targeting government agencies, NGOs, defense organizations, and private companies across …
The post Hackers Use Device Code Phishing to Hijack Microsoft 365 Accounts appeared first on CyberInsider.
February 14th, 2025 (2 months ago)
|
|
|
Description: Microsoft has fixed a known issue causing "boot device inaccessible" errors during startup on some Windows Server 2025 systems using iSCSI. [...]
February 14th, 2025 (2 months ago)
|
|
|
Description: The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy.
"RansomHub has targeted over 600 organizations globally, spanning sectors
February 14th, 2025 (2 months ago)
|
|
|
Description: Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
February 14th, 2025 (2 months ago)
|