Cve 2025 1098
The latest Cve 2025 1098 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Foxit Ships Urgent Patch for 30+ Security Holes in PDF Reader and Editor
Foxit Software patched over 30 vulnerabilities in Foxit PDF Reader and Editor on July 8, 2026. The fixes, which include critical remote code execution flaws like CVE-2026-57239, are available in versions 2026.1.2, 14.0.5, and 13.2.5. Users and enterprises must update immediately to protect against attacks that could hijack their systems via malicious PDFs.
How to Keep Using Remote Desktop on Windows 10 After July 2026: ESU and VPN Are Key
Windows 10 won't stop hosting Remote Desktop sessions after October 2025, but only Extended Security Updates and a VPN can keep it safe. The old practice of forwarding port 3389 must end—here's what home users, pros, and IT admins need to know for July 2026 and beyond.
Android's Open-Source Mirage: What It Means for Your Windows PC
Android's core is open source, but Google's proprietary services make most phones a closed ecosystem. This affects Windows users through cross-platform integration, privacy, and app availability. Understanding the distinction helps you make informed choices about your device and its trade-offs.
Deleting Microsoft Teams Free Can Erase Your Entire Microsoft Account
Deleting a Microsoft Teams Free account does not just remove the chat app; it permanently closes your entire Microsoft account, erasing emails, files, Xbox data, and purchases. This article explains the hidden consequences, how the integration came about, and offers step‑by‑step guidance on safeguarding your data before taking any action.
Windows Updates Demystified: Security, Preview, and Emergency Patches Explained
Windows Update now follows three distinct servicing lanes: mandatory security patches on Patch Tuesday, optional previews for early testing, and emergency out-of-band fixes. This guide breaks down each type, who should install them, and how to tailor your update strategy for maximum stability.
Critical SNMP Vulnerability in Schneider Electric Easergy Relays Opens Door to Grid Disruption
CISA has issued an advisory for a critical vulnerability in Schneider Electric Easergy MiCOM P40 relays that could allow remote attackers to execute code via SNMP. The flaw impacts industrial control systems used in electrical substations, and asset owners should apply firmware updates immediately. Windows administrators in connected IT environments must also take steps to segment networks and limit exposure.
OpenPLC v3 Flagged End-of-Life as Critical File-Write Vulnerability Surfaces — Upgrade to v4 Now, CISA Urges
CISA warns that OpenPLC v3, widely used for soft PLCs on Windows and other platforms, contains a critical file-upload flaw (CVE-2026-14480) with no patch coming. The only fix is upgrading to the newly released OpenPLC v4, forcing industrial operators and home users alike to plan immediate migrations or risk remote code execution via the web interface.
Schneider Electric Patches 7 Security Holes in PowerChute Serial Shutdown—Update Your UPS Software Now
Schneider Electric has fixed seven vulnerabilities (CVE-2026-2399 to CVE-2026-2405) in PowerChute Serial Shutdown by releasing version 1.5. All previous versions are affected, and users must update immediately to prevent potential local privilege escalation and code execution on Windows systems managing UPS devices.
Vishing Attackers to Bypass Microsoft 365 Passkeys, Hijack Enterprise Accounts Starting April 2026
A threat intelligence report reveals that the Pink extortion group is planning a voice-phishing campaign to hijack enterprise Microsoft 365 accounts by tricking users into enrolling attacker-controlled passkeys, bypassing multifactor authentication. Here’s how the attack works and what IT admins can do to protect their organizations before the campaign begins in April 2026.
Windows 11 Now Lets You Pin Clipboard Items — Here’s What It Means for Sync and Security
Windows 11 now lets users pin clipboard items for permanent retention, a feature first spotted by Paul Thurrott. While pinning simplifies frequent paste tasks, it also raises concerns about unintended data sync across devices and a lack of dedicated administrative controls, requiring both users and IT teams to take immediate precautions.
Attackers Are Tricking Microsoft Users Into Adding Rogue Passkeys—Here’s the Fix
A vishing campaign tracked as O-UNC-066 by Okta is tricking Microsoft 365 users into enrolling attacker-controlled passkeys, bypassing MFA. The article details the attack, its impact on businesses, and steps IT admins should take immediately to protect their Entra ID environments.
Windows Patch Alert: curl Flaw Leaks Old Proxy Credentials—Here’s the Fix
Microsoft has disclosed CVE-2026-9079, a libcurl vulnerability affecting versions 8.8.0 through 8.20.0 that can leak old proxy authentication credentials. Windows users who use curl behind authenticated proxies are at risk, as the flaw causes stale passwords to be resent. The fix is available via Windows Update and upstream curl release 8.21.0; users should update immediately and audit any third-party software that embeds libcurl.
Vulnerable Qualcomm Driver Could Crash Your Linux System – Here’s the Fix (CVE-2026-53339)
A critical bug (CVE-2026-53339) in the Linux kernel's Qualcomm CCI I2C driver can let local users trigger a kernel panic on vulnerable hardware. The flaw affects certain Qualcomm SoCs with dual I2C masters, and patches have been backported to all supported stable kernel releases; Windows users running WSL2 on Arm devices should ensure they have the latest WSL kernel update.