Microsoft Office – TheCyberThrone

PoC for Microsoft Office Zeroday CVE-2024-38200 released

Security researcher Metin Yunus Kandemir have released the technical details and a PoC exploit that reveals a critical information disclosure flaw in Microsoft Office. This vulnerability, which affects multiple versions…

PravinKarthik October 5, 2024

Microsoft Office Zeorday CVE-2024-38200

Microsoft has disclosed the details of an unpatched zero-day in office that could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 with a…

PravinKarthik August 10, 2024

Microsoft Office Zeroday Exploited -CVE-2017-8570

Threat actors are seen leveraging an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. The attack begins with the exploitation of CVE-2017-8570,…

PravinKarthik April 27, 2024

Escanor Remote Access Trojan in action

A new RAT has been seen on the dark web weaponizing Microsoft Office and Adobe PDF documents to deliver malicious code, dubbed Escanor. The threat actors offer Android-based and PC-based…

PravinKarthik August 23, 2022

Homograph Attack Warning

Researchers have delivered an urgent warning to Microsoft Office users about homograph attacks, that results in data breach Homograph attacks misuse similar-looking characters to deceive users. The difference is slight,…

PravinKarthik June 5, 2022

Chinese APT exploits Follina

China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems. Microsoft has warned that the flaw could enable threat…

PravinKarthik June 1, 2022

Follina Mitigation Details Emerges

According to Microsoft, administrators can preempt attacks exploiting CVE-2022-30190 by disabling the MSDT protocol. This stops malicious actors from launching troubleshooters and from executing code on vulnerable systems. The process…

PravinKarthik June 1, 2022

Follina ZeroDay evades Microsoft Defender

Hackers are exploiting a vulnerability in Microsoft Office that enables them to fetch malicious code without detection in a multi-stage attack. The exploit, dubbed named Follina, abuses the remote template…

PravinKarthik May 30, 2022