Threat and Vulnerability Intelligence Database

CVE-2025-21355

Description: Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below:
- CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
- CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: TheHackerNews
February 20th, 2025 (4 months ago)

CVE-2025-24989

🚨 Marked as known exploited on February 21st, 2025 (4 months ago).
Description: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified, this vulnerability does not affect you.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: CVE
February 20th, 2025 (4 months ago)

CVE-2025-21355

Description: Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: CVE
February 20th, 2025 (4 months ago)

CVE-2025-21355

Description: CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability

CVSS: HIGH (8.6)

EPSS Score: 1.08%

Source: DarkWebInformer
February 19th, 2025 (4 months ago)

Description: A Threat Actor Claims to be Selling Access to SMTP Spammers Database Through Microsoft Graph API
Source: DarkWebInformer
February 19th, 2025 (4 months ago)

Description: Why macros are a threat, and the approaches you can take to protect your systems.
Source: NCSC Alerts and Advisories
February 19th, 2025 (4 months ago)

Description: Microsoft once again reminded IT administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, just 60 days from now. [...]
Source: BleepingComputer
February 18th, 2025 (4 months ago)

Description: Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Source: Dark Reading
February 18th, 2025 (4 months ago)

Description: The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. [...]
Source: BleepingComputer
February 18th, 2025 (4 months ago)

Description: The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,
Source: TheHackerNews
February 18th, 2025 (4 months ago)