Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Unbound CVE-2025-11411: Critical DNS Cache Poisoning Vulnerability Patched
NLnet Labs has released an emergency security patch addressing CVE-2025-11411, a critical cache poisoning vulnerability in the Unbound DNS resolver that enables DNS delegation poisoning attacks. This...
KVM VMX RSB Underflow Patch CVE-2022-49610: Linux Hypervisor Security Fix
A critical security vulnerability in the Linux kernel's KVM hypervisor, tracked as CVE-2022-49610, has been patched; the fix addresses a Return Stack Buffer (RSB) underflow condition in the VMX (Virtual Machine...
Linux Kernel Patch Stops ath11k Log Flood in CVE-2022-49543 Firmware Crash Fix
The Linux kernel community has addressed a persistent issue in the ath11k wireless driver that was generating excessive warning messages during firmware crash recovery scenarios. Tracked as...
CVE-2022-49562: Linux KVM Vulnerability Exposes Critical Memory Safety Flaw
The Linux kernel development community has addressed a significant security vulnerability tracked as CVE-2022-49562, which exposed a subtle but critical flaw in the Kernel Virtual Machine (KVM)...
Azure Arc azcmagent Local Privilege Escalation: Critical Security Patch Required
Microsoft has issued urgent security guidance for a critical local privilege escalation vulnerability affecting Azure Arc's azcmagent component that could allow authenticated local users to gain...
CVE-2025-59500: Azure Notification Service Vulnerability Requires Cautious Patching
A newly discovered elevation-of-privilege vulnerability in Azure's notification infrastructure, tracked as CVE-2025-59500, has sent security teams scrambling to understand the implications and...
Azure Event Grid Security: CVE-2025-59273 Privilege Escalation Mitigation Guide
Microsoft has addressed a critical privilege escalation vulnerability in Azure Event Grid, designated as CVE-2025-59273, which could allow attackers to gain elevated access within cloud environments....
Veeder-Root TLS4B ATG Vulnerabilities: RCE and 2038 Time Bug Threaten Industrial Systems
Veeder-Root's TLS4B automatic tank gauge (ATG) systems are facing critical security vulnerabilities that could allow attackers to execute remote code and potentially disrupt fuel monitoring...
CVE-2025-9574: Critical ABB ALS Mini Vulnerability Exposes Industrial Systems
A critical security vulnerability designated CVE-2025-9574 has been identified in ABB's legacy ALS-mini load controllers, posing significant risks to industrial control systems and critical...
CVE-2025-59668: Critical NULL Pointer DoS Vulnerability in Medical Monitoring Systems
A newly disclosed vulnerability in NIHON KOHDEN's Central Monitor CNS-6201 (CVE-2025-59668) represents a critical security threat to medical monitoring systems, demonstrating how seemingly simple...
CISA Publishes 8 ICS Advisories: Critical Security Updates for Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive package of eight Industrial Control Systems (ICS) advisories, consolidating critical vendor disclosures and...
AutomationDirect Productivity Vulnerabilities Expose PLCs to RCE Attacks
A coordinated set of high-severity vulnerabilities in AutomationDirect's Productivity Suite programming software and several Productivity-series PLCs has been disclosed, creating significant risks...