Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21384
Azure Health Bot Elevation of Privilege Vulnerability
Description: An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

CVSS: HIGH (8.3)

EPSS Score: 0.09%

Source: CVE
April 1st, 2025 (2 months ago)

CVE-2025-26683
Azure Playwright Elevation of Privilege Vulnerability
Description: Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

CVSS: HIGH (8.1)

EPSS Score: 0.08%

Source: CVE
March 31st, 2025 (2 months ago)
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Description: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...]
Source: BleepingComputer
March 31st, 2025 (2 months ago)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Description: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

CVSS: HIGH (7.0)

EPSS Score: 1.47%

Source: TheHackerNews
March 31st, 2025 (2 months ago)
Windows 11 Installations to Require Internet Connection and Microsoft Account
Description: In the latest Windows 11 Insider Preview Build 26200.5516, Microsoft has removed the ability to install the operating system without both internet connectivity and a Microsoft account, effectively eliminating a long-standing workaround that allowed local account setups during installation. The change was first spotted by security researcher Will Dormann, who noted that Microsoft has removed … The post Windows 11 Installations to Require Internet Connection and Microsoft Account appeared first on CyberInsider.
Source: CyberInsider
March 31st, 2025 (2 months ago)
Microsoft tests new Windows 11 tool to remotely fix boot crashes
Description: Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. [...]
Source: BleepingComputer
March 30th, 2025 (2 months ago)
Microsoft's killing script used to avoid Microsoft Account in Windows 11
Description: Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. [...]
Source: BleepingComputer
March 30th, 2025 (2 months ago)
Microsoft fixes button that restores classic Outlook client
Description: Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. [...]
Source: BleepingComputer
March 28th, 2025 (2 months ago)
Microsoft fixes Remote Desktop issues caused by Windows updates
Description: Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025. [...]
Source: BleepingComputer
March 28th, 2025 (2 months ago)
Hijacked Microsoft Stream classic domain spams SharePoint sites
Description: The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]
Source: BleepingComputer
March 27th, 2025 (2 months ago)