Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content.
The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop
January 11th, 2025 (3 months ago)
|
|
|
Description: Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update. [...]
January 10th, 2025 (3 months ago)
|
CVE-2024-12802 |
Description: SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 10th, 2025 (3 months ago)
|
|
|
Description: ​Microsoft has fixed a known issue causing macOS applications to freeze when opening or saving files in OneDrive. [...]
January 9th, 2025 (3 months ago)
|
|
|
Description: AI SPERA announced today that it launched its Criminal IP Malicious Link Detector add-in on the Microsoft Marketplace. Learn more about how this tool provides real-time phishing email detection and URL blocking for Microsoft Outlook. [...]
January 9th, 2025 (3 months ago)
|
|
|
Description: Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. [...]
January 9th, 2025 (3 months ago)
|
|
CVE-2024-55412 |
Description: A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
EPSS Score: 0.04%
January 9th, 2025 (3 months ago)
|
|
CVE-2024-49079 |
Description: Input Method Editor (IME) Remote Code Execution Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
|
CVE-2024-49075 |
Description: Windows Remote Desktop Services Denial of Service Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
|
CVE-2024-49071 |
Description: Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
January 9th, 2025 (3 months ago)
|