Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Edge Fixes Mojo IPC Flaw That Bypasses Site Isolation: Update Now (CVE-2025-10201)
Microsoft has shipped a critical patch for the Chromium-based Edge browser that closes a high-severity vulnerability allowing remote attackers to bypass the browser’s site isolation protections....
CVE-2025-55319: How Agentic AI in Visual Studio Code Can Enable Remote Code Execution
A vulnerability newly listed by Microsoft’s Security Response Center, CVE-2025-55319, pulls back the curtain on a dangerous new class of attacks: prompt injections that weaponize agentic AI...
CVE-2025-10200: Chrome 140 Patches ServiceWorker Use-After-Free, Edge Users Must Update Immediately
Google has shipped a critical patch for a use-after-free vulnerability in the ServiceWorker component of Chromium, tracked as CVE-2025-10200, with the release of Chrome version 140.0.7339.80/81 and...
CISA Flags Active Exploitation of Critical DELMIA Apriso RCE Vulnerability
CISA has added CVE-2025-5086, a critical deserialization of untrusted data vulnerability in Dassault Systèmes’ DELMIA Apriso, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...
Siemens, Schneider, Daikin ICS Flaws Could Let Attackers Remotely Cripple Operations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on September 11, 2025, released eleven industrial control systems (ICS) advisories detailing urgent security defects in Siemens,...
Urgent: EcoStruxure SMB Flaw Leaks Credentials, DoS Threatens Smart Buildings
Schneider Electric and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published revised advisories on August 12, 2025, detailing two vulnerabilities in the EcoStruxure Building...
Critical Siemens UMC Stack Overflow Grants Unauthenticated RCE — Patch to V2.15.1.3 Immediately
Siemens dropped a high-severity ProductCERT advisory on September 9, 2025, warning that its User Management Component (UMC) harbors a remotely exploitable stack-based buffer overflow that lets...
Vendor Won't Fix Daikin Gateway Pre-Auth Password Reset Bug—Public Exploit Code Heightens Risk for Energy Sector
A critical pre-authentication password reset vulnerability in Daikin Security Gateways, tracked as CVE-2025-10127, has entered a dangerous phase: public proof-of-concept exploit code is circulating,...
Siemens RUGGEDCOM Flaws: Block UDP Ports for Instant Mitigation, CISA Says
Industrial operators using Siemens RUGGEDCOM RST2428P switches can immediately protect their networks from two newly disclosed vulnerabilities by implementing a straightforward firewall rule,...
Windows OT Security Alert: Siemens Flaw CVE-2025-40757 Leaks Device Databases Over BACnet
A newly disclosed vulnerability in Siemens APOGEE PXC and TALON TC building automation controllers allows unauthenticated attackers to pull encrypted database files directly over the BACnet protocol,...
Siemens SIMOTION Flaw: Unpatched NSIS Installer Bug Grants Attackers SYSTEM Access on Windows
Siemens and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a coordinated advisory warning that several SIMOTION engineering tools contain a local privilege-escalation...
Siemens Confirms No Patch for IEM-OS Denial‑of‑Service Flaw, Orders Migration to IEM‑V
Siemens Industrial Edge Management OS (IEM‑OS) is vulnerable to a remotely exploitable denial‑of‑service condition, and the manufacturer has confirmed it will not issue a patch. Instead, all...