Threat and Vulnerability Intelligence Database

Description: Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. [...]
Source: BleepingComputer
June 3rd, 2025 (about 14 hours ago)
Source: TheRegister
June 3rd, 2025 (about 16 hours ago)
Description: Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors. Rather than cover well-documented common abuses of built-in CSEs, this article demonstrates how to create custom malicious ones. These are harder for defenders to identify than legitimate built-in CSEs used in malicious contexts, which have known globally unique identifiers.

What are Group Policy Objects?

Group Policy Objects (GPOs), a core feature of Active Directory (AD), allow administrators to centrally manage and configure operating systems, applications and user settings across all computers in a domain by configuring a set of rules and configurations. (Source: Microsoft)

It is well known that attackers with sufficient AD access can abuse GPOs for malicious actions such as code execution, malware deployment, immediate scheduled tasks, privilege escalation and stealthy persistence; these techniques are generally well documented.

Each GPO comprises two main parts:
- The groupPolicyContainer object (GPC) in AD's LDAP directory, holding metadata such as display names and CSE lists
- The Group Policy Template (GPT) in AD's SYSVOL share, containing the actual policy files and scripts

What are client-side extensions (CSEs)?

Have you ever wondered how the settings defined in a GPO actually get applied on a client computer? The magic behind this process lies in the CSEs. CSEs are critical componen...
Source: Tenable Blog
June 3rd, 2025 (about 17 hours ago)
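The Tenable excerpt above notes that a custom CSE has no well-known GUID for defenders to match on. What a custom CSE cannot hide is how it is wired in: on each client it is a subkey of the GPExtensions registry key naming a DLL, and in the directory it is a GUID inside a GPO's gPCMachineExtensionNames or gPCUserExtensionNames attribute. The following PowerShell is an added example (not code from the Tenable article) that audits both sides: it lists every CSE registered on the local host with the DLL it loads, its location and its Authenticode signer, then parses the CSE GUIDs referenced by every GPO and reports which of them resolve to a suspicious or unregistered DLL. It assumes a local administrator session on a domain-joined host and, for the GPO half, the ActiveDirectory RSAT module; the registry path, attribute names and the "[{CSE-GUID}{snap-in-GUID}...]" layout are the documented Windows conventions, while the "Suspicious" heuristic (outside System32 or not validly Microsoft-signed) is this example's own choice.

```powershell
# Added example: audit registered client-side extensions and the CSE GUIDs referenced by GPOs.
# Assumes: run elevated on a domain-joined host; ActiveDirectory module optional (GPO part skipped without it).

$gpExtKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'

function Get-RegisteredCse {
    # Each subkey name is a CSE GUID; the default value is its display name, DllName is the module the GP engine loads.
    Get-ChildItem -Path $gpExtKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $dll   = [Environment]::ExpandEnvironmentVariables([string]$props.DllName)
        # A bare file name (e.g. "gpprefcl.dll") is resolved from System32 by the Group Policy engine.
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists     = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sig        = if ($exists) { Get-AuthenticodeSignature -FilePath $dll } else { $null }
        $inSystem32 = [bool]($dll -and $dll.StartsWith((Join-Path $env:SystemRoot 'System32'), 'OrdinalIgnoreCase'))
        $msSigned   = [bool]($sig -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
        [pscustomobject]@{
            Guid       = $_.PSChildName
            Name       = $props.'(default)'
            Dll        = $dll
            Exists     = $exists
            InSystem32 = $inSystem32
            MsSigned   = $msSigned
            # Heuristic chosen for this example: built-in CSEs live in System32 and carry a valid Microsoft signature.
            Suspicious = -not ($inSystem32 -and $msSigned)
        }
    }
}

function Get-GpoCseReference {
    # gPC*ExtensionNames look like "[{CSE-GUID}{snap-in-GUID}...][{CSE-GUID}{snap-in-GUID}]";
    # the first GUID in each bracket group is the CSE the client will load for that GPO.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) { return }
    Import-Module ActiveDirectory
    $gpos = Get-ADObject -LDAPFilter '(objectClass=groupPolicyContainer)' `
        -Properties displayName, gPCMachineExtensionNames, gPCUserExtensionNames
    foreach ($gpo in $gpos) {
        foreach ($attr in 'gPCMachineExtensionNames', 'gPCUserExtensionNames') {
            $raw = [string]$gpo.$attr
            foreach ($m in [regex]::Matches($raw, '\[((?:\{[0-9A-Fa-f-]{36}\})+)\]')) {
                $guids = [regex]::Matches($m.Groups[1].Value, '\{[0-9A-Fa-f-]{36}\}') | ForEach-Object { $_.Value }
                [pscustomobject]@{ Gpo = $gpo.displayName; Scope = $attr; CseGuid = $guids[0] }
            }
        }
    }
}

$registered = @(Get-RegisteredCse)
'--- CSEs registered on this host that fail the built-in heuristic ---'
$registered | Where-Object Suspicious | Format-Table Guid, Name, Dll, Exists, MsSigned -AutoSize

# Join GPO references to local registrations: a GUID a GPO asks for that no built-in CSE owns is the
# signature of a custom extension, whether or not this particular host has it registered yet.
$byGuid = @{}
$registered | ForEach-Object { $byGuid[$_.Guid.ToUpperInvariant()] = $_ }
'--- CSE GUIDs referenced by GPOs, resolved against this host ---'
Get-GpoCseReference | ForEach-Object {
    $hit = $byGuid[$_.CseGuid.ToUpperInvariant()]
    [pscustomobject]@{
        Gpo        = $_.Gpo
        Scope      = $_.Scope
        CseGuid    = $_.CseGuid
        LocalDll   = if ($hit) { $hit.Dll } else { '<not registered on this host>' }
        Suspicious = if ($hit) { $hit.Suspicious } else { $true }
    }
} | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it on a domain controller and on an ordinary workstation and compare: a CSE GUID that appears in a GPO but is registered on only some hosts, or resolves to a DLL outside System32, is exactly the kind of custom extension the article is about, and the registry key it names is where to look for the backdoor DLL.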
Description: We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42.
Source: Palo Alto Unit42
June 3rd, 2025 (about 20 hours ago)
Description: Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft
Source: TheHackerNews
June 3rd, 2025 (about 22 hours ago)
🚨 Marked as known exploited on June 2nd, 2025 (1 day ago).
Description: Frequently asked questions about "BadSuccessor," a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller.

Background

Tenable's Research Special Operations (RSO) and the Identity Content team have compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed zero-day in Active Directory called BadSuccessor.

FAQ

What is BadSuccessor?

BadSuccessor is the name of a zero-day privilege escalation vulnerability in Active Directory that was discovered and disclosed by Yuval Gordon, a security researcher at Akamai. According to Gordon, the flaw exists in delegated Managed Service Accounts (dMSAs), a service account type in Active Directory (AD) that was introduced in Windows Server 2025 to enable the migration of non-managed service accounts.

What are the vulnerabilities associated with BadSuccessor?

As of June 2, Microsoft had not assigned a CVE identifier for BadSuccessor. Microsoft is the CVE Numbering Authority (CNA) for its products. Since there are currently no patches available for BadSuccessor, no CVE has been assigned. If Microsoft does assign a CVE alongside patches for it, we will update this blog accordingly.

How is BadSuccessor exploited?

To exploit BadSuccessor, an attacker needs to be able to access a user account with specific permissions in AD, and at least one domain controller in the domain needs to be running Windows Server 2025. Based on Akamai's research, even if an AD do...
Source: Tenable Blog
June 2nd, 2025 (1 day ago)
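The BadSuccessor FAQ above gives two preconditions a defender can verify directly: the domain must have at least one Windows Server 2025 domain controller, and the abused object type is the dMSA. The following PowerShell is an added example (not code from Tenable or Akamai) that checks the first precondition and inventories every dMSA in the domain so that recently created or unexpected ones can be reviewed. It assumes the ActiveDirectory RSAT module and a domain account that can read the directory. The object class msDS-DelegatedManagedServiceAccount and the attributes msDS-ManagedAccountPrecededByLink (the account a dMSA supersedes) and msDS-DelegatedMSAState come from the Windows Server 2025 schema rather than from the excerpt, and are labelled as such in the code.

```powershell
# Added example: check the BadSuccessor preconditions stated in the FAQ and inventory dMSAs.
# Assumes: ActiveDirectory RSAT module; a domain account with read access to the directory.
Import-Module ActiveDirectory

function Get-Server2025DomainController {
    # FAQ precondition: at least one DC in the domain runs Windows Server 2025.
    Get-ADDomainController -Filter * |
        Where-Object { $_.OperatingSystem -like '*Server 2025*' } |
        Select-Object Name, HostName, OperatingSystem, Site
}

function Get-DelegatedMsa {
    # dMSAs are a distinct object class. The two msDS-* attributes below are schema facts not stated
    # in the FAQ: PrecededByLink points at the account the dMSA supersedes, DelegatedMSAState tracks migration.
    Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
        -Properties whenCreated, whenChanged, 'msDS-ManagedAccountPrecededByLink', 'msDS-DelegatedMSAState' |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.Name
                Container  = ($_.DistinguishedName -replace '^[^,]+,', '')
                Created    = $_.whenCreated
                Changed    = $_.whenChanged
                Supersedes = $_.'msDS-ManagedAccountPrecededByLink'
                MsaState   = $_.'msDS-DelegatedMSAState'
            }
        }
}

$dcs = @(Get-Server2025DomainController)
if ($dcs.Count -eq 0) {
    'No Windows Server 2025 domain controller found: the BadSuccessor precondition from the FAQ is not met.'
} else {
    "Windows Server 2025 domain controllers present ({0}); the domain is in scope for BadSuccessor." -f $dcs.Count
    $dcs | Format-Table -AutoSize
    # Newest first: a dMSA created recently, in a container nobody uses for service accounts, or superseding
    # an account that was never scheduled for migration, is the one to investigate.
    Get-DelegatedMsa | Sort-Object Created -Descending | Format-Table -AutoSize
}
```

Because no patch or CVE exists as of the FAQ date, this is a scoping check rather than a fix: a domain with no Server 2025 DC is not exposed, and a domain that is exposed should baseline its dMSA inventory now so that a new object appearing later stands out.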
Description: Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
Source: BleepingComputer
June 2nd, 2025 (1 day ago)
Description: Microsoft has released an out-of-band update to address a known issue causing some Windows 11 systems to enter recovery and fail to start while trying to install the KB5058405 May 2025 security update. [...]
Source: BleepingComputer
June 2nd, 2025 (1 day ago)
Description: Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. [...]
Source: BleepingComputer
May 30th, 2025 (4 days ago)

CVE-2024-42191

Description: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.

CVSS: MEDIUM (6.5)

EPSS Score: 0.01%

Source: CVE
May 30th, 2025 (5 days ago)