Security Advisory
The latest Security Advisory coverage — news, analysis, and updates from the WindowsNews.AI desk.
Excel zero-day CVE-2025-21387 with 9.8 CVSS exploited in attacks.
CVE-2025-21387: Critical RCE Vulnerability in Microsoft Excel Microsoft has issued an urgent security advisory regarding CVE-2025-21387, a critical Remote Code Execution (RCE) vulnerability affecting...
Microsoft warns of critical Disk Cleanup bug giving attackers SYSTEM access
CVE-2025-21420: Critical Vulnerability in Windows Disk Cleanup Tool Microsoft has disclosed a critical security vulnerability (CVE-2025-21420) affecting the Windows Disk Cleanup utility that could...
Critical Orthanc Server RCE Flaw Exposes Windows Medical Systems
A critical security vulnerability has been discovered in Orthanc Server, posing significant risks to Windows users who rely on this open-source DICOM server for medical imaging. The flaw, tracked as...
Emergency patch released for CVE-2025-0611 critical V8 flaw in Microsoft Edge.
Microsoft Edge users are facing a significant security threat following the discovery of CVE-2025-0611, a critical vulnerability in the Chromium V8 JavaScript engine that powers the browser. This...
ZF RSSPlus Critical Flaw Threatens ICS Systems: Patch Now
The ZF RSSPlus vulnerability has emerged as a critical cybersecurity concern for industrial control systems (ICS), prompting advisories from CISA and other security agencies. This in-depth analysis...
Siemens Mendix LDAP Vulnerability: Critical Security Alert and Patch Guidance
Siemens has issued an urgent security advisory regarding a critical LDAP injection vulnerability in its Mendix platform that could allow attackers to bypass authentication mechanisms. The...
SharePoint Server faces critical 8.8-severity spoofing flaw CVE-2025-21393 before April patch
Critical CVE-2025-21393 Vulnerability Discovered in Microsoft SharePoint Server Microsoft has issued a critical security advisory regarding CVE-2025-21393, a newly discovered spoofing vulnerability...
UPnP memory corruption bug CVE-2025-21389 lets attackers crash Windows via port 1900
A newly discovered critical vulnerability (CVE-2025-21389) in Windows' Universal Plug and Play (UPnP) host service (upnphost.dll) exposes systems to denial-of-service (DoS) attacks. This security...
Active exploits begin: Microsoft patches CVE-2025-21248 SYSTEM-level RCE in all Windows.
A newly discovered critical vulnerability in Windows Telephony Service (CVE-2025-21248) exposes millions of systems to remote code execution (RCE) attacks. Security researchers have rated this flaw...
Critical unpatched Windows bug grants SYSTEM access via network attacks.
Microsoft has disclosed a critical remote code execution (RCE) vulnerability in the Windows Telephony Service (CVE-2025-21237) that could allow attackers to take complete control of affected systems....
Critical Hitachi Energy FOXMAN-UN Flaws Risk Power Grid Attacks
Hitachi Energy has issued a critical security advisory regarding multiple vulnerabilities in its FOXMAN-UN platform, a widely used industrial control system (ICS) solution. These flaws could allow...
Security Risk Advisors Joins Microsoft Intelligent Security Association: Enhanced Windows Security Ahead
Security Risk Advisors (SRA), a leading cybersecurity consulting firm, has officially joined the Microsoft Intelligent Security Association (MISA), marking a significant step forward for Windows...