Articles from 2025
Browse all Windows news articles published in 2025
Microsoft Patches CVE-2025-53798: RRAS Memory Leak Exposes VPN Gateways to Data Theft
Microsoft has released a vendor update to patch CVE-2025-53798, an information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows an attacker to read...
Windows RRAS Out-of-Bounds Read Flaw Exposes Memory to Remote Attackers
Microsoft has confirmed a memory disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that could allow unauthenticated attackers to extract sensitive information from...
Critical RRAS Flaw Exposes VPN Gateways to Remote Memory Leaks — Patch Immediately
A remote information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) received an out-of-band advisory from Microsoft this week, warning that attackers can siphon...
Critical RRAS Memory Leak CVE-2025-53797 Puts VPN Gateways at Risk – Patch Immediately
Microsoft has disclosed a high-severity information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that could allow unauthenticated attackers to read sensitive...
Redis Misconfiguration Exposes Sensitive Data in Rockwell Automation's LogixAI: CISA Warns
Rockwell Automation’s FactoryTalk Analytics LogixAI contains a high-severity configuration weakness that could expose sensitive operational data to attackers on adjacent networks. The U.S....
CISA Warns: Remote Attackers Can Brick Rockwell ControlLogix 5580 Controllers — Patch Immediately
A critical flaw in Rockwell Automation’s ControlLogix 5580 programmable logic controllers can be exploited over the network to trigger a ‘major nonrecoverable fault,’ effectively bricking the...
CVE-2025-9161: FactoryTalk Optix RCE via MQTT Plugin Loading — Upgrade to 1.6.0 Immediately
Industrial control system operators running Rockwell Automation’s FactoryTalk Optix visualization platform face a critical threat: a flaw in the product’s embedded MQTT broker allows...
Rockwell Patches Critical SSRF Flaw in ThinManager That Exposes NTLM Hashes to Attackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reissued a high-severity advisory on September 9, 2025, for a server-side request forgery (SSRF) vulnerability in Rockwell...
CISA Releases 14 ICS Advisories: Urgent Patches for Rockwell, Schneider, and EG4 Inverter Flaws
{ "title": "CISA Releases 14 ICS Advisories: Urgent Patches for Rockwell, Schneider, and EG4 Inverter Flaws", "content": "The Cybersecurity and Infrastructure Security Agency (CISA) on September...
Rockwell Automation FactoryTalk Activation Manager Vulnerability Allows Remote Decryption and Hijacking
Rockwell Automation has issued an urgent security advisory after a critical cryptographic weakness was discovered in its FactoryTalk Activation Manager, a licensing tool deployed across thousands of...
CISA Warns: Rockwell 1783-NATR Vulnerable to Remote Memory Corruption, Patch Now to v1.007
Rockwell Automation has released an urgent firmware update after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a memory allocator bug in the 1783-NATR device could...
CISA Flags Rockwell CompactLogix 5480 Flaw That Lets Attackers Run Code Via Physical Access
Three words can make any plant manager’s blood run cold: arbitrary code execution. That’s what CISA is warning about with a newly republished advisory for the Rockwell Automation CompactLogix...