Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Description: Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]
Source: BleepingComputer
January 24th, 2025 (3 months ago)
2025 State of SaaS Backup and Recovery Report
Description: The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this
Source: TheHackerNews
January 24th, 2025 (3 months ago)

CVE-2025-24034
Himmelblau leaks credentials in the debug log
Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

CVSS: LOW (3.2)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-43571
Sudo for Windows Spoofing Vulnerability
Description: Sudo for Windows Spoofing Vulnerability

CVSS: MEDIUM (5.6)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-43570
Windows Kernel Elevation of Privilege Vulnerability
Description: Windows Kernel Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-26257
Microsoft Excel Remote Code Execution Vulnerability
Description: Microsoft Excel Remote Code Execution Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-26193
Azure Migrate Remote Code Execution Vulnerability
Description: Azure Migrate Remote Code Execution Vulnerability

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (3 months ago)
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch
Source: TheRegister
January 22nd, 2025 (3 months ago)
Email Bombing, 'Vishing' Tactics Abound in Microsoft 365 Attacks
Description: Sophos noted more than 15 attacks have been reported during the past three months.
Source: Dark Reading
January 21st, 2025 (3 months ago)
Microsoft previews Game Assist in-game browser in Edge Stable
Description: ​Microsoft has announced that Game Assist, its recently unveiled in-game browser, is now also available in preview for Microsoft Edge Stable users. [...]
Source: BleepingComputer
January 21st, 2025 (3 months ago)