Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout
January 6th, 2025 (4 months ago)
|
|
|
Description: Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...]
January 5th, 2025 (4 months ago)
|
|
|
Description: Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
"We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program
January 3rd, 2025 (4 months ago)
|
|
|
Description: Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML
January 2nd, 2025 (4 months ago)
|
CVE-2024-43496 |
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 0.16%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43495 |
Description: Windows libarchive Remote Code Execution Vulnerability
CVSS: HIGH (7.3) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43492 |
Description: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43491 |
Description: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43489 |
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-43487 |
Description: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
January 1st, 2025 (4 months ago)
|