Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-12977: Critical Fluent Bit Tag Key Vulnerability Threatens Log Security
A newly disclosed critical vulnerability in Fluent Bit, identified as CVE-2025-12977, has sent shockwaves through the IT security community, exposing a fundamental flaw in how the popular open-source...
CVE-2025-12816: Critical Node-Forge ASN.1 Flaw Threatens JavaScript Supply Chain
A critical vulnerability in the widely used JavaScript cryptography library node-forge has been disclosed, posing significant risks to thousands of applications and websites that depend on...
CVE-2025-12969: Critical Fluent Bit Auth Bypass Threatens Windows Logging Security
A severe authentication bypass vulnerability in Fluent Bit's forward input plugin, cataloged as CVE-2025-12969, has emerged as a critical security threat for Windows environments relying on this...
CVE-2025-66031: Critical Node-Forge ASN.1 DoS Vulnerability Threatens JavaScript Ecosystem
A newly disclosed high-severity vulnerability in the popular JavaScript cryptography library node-forge, tracked as CVE-2025-66031, has sent shockwaves through the JavaScript and web development...
CVE-2025-66030: Critical Node-Forge OID Parsing Vulnerability Threatens JavaScript Security
A critical vulnerability in the widely used JavaScript cryptography library node-forge has been disclosed, posing significant risks to thousands of applications and services that rely on...
MAXHUB Pivot Password Recovery Flaw: Critical Security Alert for Windows Administrators
A critical security vulnerability has been discovered in MAXHUB Pivot, the fleet management software for MAXHUB interactive displays, that exposes organizations to significant risk through a password...
GX Works2 CVE-2025-3784 Exposes Plaintext Credentials in Industrial Control Systems
A critical vulnerability in Mitsubishi Electric's GX Works2 engineering software has exposed a fundamental security flaw affecting industrial control systems worldwide. Designated CVE-2025-3784, this...
CISA Issues Nine ICS Advisories: Critical OT & Windows Vulnerabilities Demand Action
The Cybersecurity and Infrastructure Security Agency (CISA) has released a consolidated bulletin containing nine new Industrial Control Systems (ICS) advisories, serving as a stark warning about the...
Johnson Controls iSTAR TLS Certificate Crisis: Security Flaw Exposes Physical Access Systems
A critical security vulnerability affecting Johnson Controls iSTAR door controllers has emerged as a significant threat to physical access control systems worldwide, with a certificate-handling flaw...
CVE-2025-26381: Johnson Controls OpenBlue Mobile Web App Forced Browsing Vulnerability
Johnson Controls has disclosed a significant security vulnerability in its OpenBlue Mobile Web Application for OpenBlue Workplace, tracked as CVE-2025-26381, which exposes building management systems...
Sunbird DCIM Security Alert: Critical CVEs in dcTrack & Power IQ Require Immediate Patching
A critical security advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted multiple vulnerabilities in Sunbird Software's widely used Data Center...
CISA Flags Windows OT Risk: Advantech iView Flaws Enable Remote Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple severe vulnerabilities in Advantech's iView industrial video monitoring and management...