Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CISA Flags Urgent ICS Vulnerabilities in Honeywell, ICONICS, Delta Electronics – Windows Admins Must Act
The Cybersecurity and Infrastructure Security Agency dropped five fresh Industrial Control Systems advisories on September 4, 2025, each one pressing Windows administrators and operational technology...
Critical Honeywell ICS Flaws: Patch OneWireless WDM Now to Block Remote Code Execution Attacks
Honeywell’s OneWireless Wireless Device Manager (WDM)—the nerve center of countless industrial wireless sensor networks—sits at the heart of a high‑severity coordinated disclosure that sent...
Actively Exploited TP-Link Router Flaws Land in CISA’s KEV—Windows Networks Face Credential Theft and Remote Takeover
CISA has dropped two TP-Link router vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog, confirming that attackers are actively chaining credential disclosure and command injection...
CISA and NSA Rally 19 Nations Behind Unified SBOM Blueprint to Expose Hidden Code Risks
On September 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), backed by 19 international partners, dropped a 22-page consensus document...
CISA Exposes Critical Hard-Coded Credentials in SunPower Solar Gear, Plus Flaws in Delta, Fuji, Hitachi ICS Software
Four new Industrial Control Systems (ICS) advisories from the Cybersecurity and Infrastructure Security Agency (CISA) on September 2, 2025, highlight severe vulnerabilities in energy and...
Delta Electronics Patches XXE Bug in EIP Builder, CISA Warns Critical Manufacturing Operators to Upgrade Now
A newly disclosed vulnerability in Delta Electronics’ EIP Builder engineering tool can allow attackers to exfiltrate sensitive files from industrial engineering workstations, and the U.S....
CISA Adds Actively Exploited TP-Link Extender and WhatsApp Zero-Click Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch them...
Critical Bluetooth Flaw in SunPower Inverters Grants Attackers Full Device Control
A newly disclosed vulnerability in SunPower PVS6 solar inverters exposes critical energy infrastructure to takeovers by attackers who merely need to be within Bluetooth range. The U.S. Cybersecurity...
Fuji Electric FRENIC-Loader 4 Flaw Opens Engineering Workstations to File-Based Code Execution Attacks
A critical deserialization vulnerability in Fuji Electric’s FRENIC-Loader 4 utility can give attackers full arbitrary code execution on industrial engineering workstations when a user opens a...
FreePBX Zero-Day Exploited in Wild: CISA Orders Emergency Patching for CVSS 10 RCE
CISA on August 29, 2025, added a critical vulnerability in Sangoma’s FreePBX telephony platform to its Known Exploited Vulnerabilities (KEV) Catalog, warning that attackers have been exploiting the...
Microsoft Tells Admins to Cap DNS UDP Buffer at 1221 Bytes on Windows Server 2025 to Block Cache Poisoning
Microsoft has updated its security advisory ADV200013 to explicitly cover Windows Server 2022, version 23H2, and the just‑released Windows Server 2025, and is again telling administrators to apply...
Critical ANGLE Use-After-Free Fix in Chrome 139 Forces Urgent Edge and Enterprise Patching
Microsoft has confirmed that a freshly disclosed use-after-free vulnerability in the Chromium ANGLE graphics layer, tracked as CVE-2025-9478, is now resolved in the latest Edge stable channel —...