Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical ANGLE Use-After-Free Fix in Chrome 139 Forces Urgent Edge and Enterprise Patching
Microsoft has confirmed that a freshly disclosed use-after-free vulnerability in the Chromium ANGLE graphics layer, tracked as CVE-2025-9478, is now resolved in the latest Edge stable channel —...
Patch Now: Delta COMMGR Critical Vulnerabilities Allow Remote Code Execution via .isp Files
Delta Electronics has issued an urgent security advisory and released COMMGR version 2.10.0 to fix two high-severity vulnerabilities that could let attackers execute arbitrary code on industrial...
Mitsubishi Says No Fix Coming for MELSEC iQ-F Cleartext Credential Flaw (CVE-2025-7731)
A serious vulnerability in Mitsubishi Electric's MELSEC iQ-F series programmable logic controllers leaves credentials exposed in plaintext network traffic, and the vendor has declared it will not...
Unpatchable ICS Vulnerabilities: Mitsubishi, Schneider, Delta Among Vendors in CISA's Nine-Alert Batch
Nine industrial control system advisories released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on August 28, 2025, expose critical weaknesses in products from Mitsubishi...
No Firmware Fix for MELSEC iQ-F Modbus Flaw CVE-2025-7405 – Windows & OT Teams Must Isolate Now
Mitsubishi Electric has notified customers that it will not release firmware updates to address a critical authentication bypass vulnerability in its MELSEC iQ-F series programmable logic controllers...
GE Vernova Issues Urgent Patch for CIMPLICITY DLL Hijacking Flaw Rated CVSS 7.0
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory detailing a dangerous privilege escalation vulnerability in GE Vernova’s CIMPLICITY HMI/SCADA platform....
Delta Seals Code-Execution Hole in CNCSoft-G2; Industrial Operators Told to Patch Fast
A memory corruption vulnerability in Delta Electronics' CNCSoft-G2 HMI software can give attackers full code execution on engineering workstations when victims open booby-trapped project files, the...
Schneider Electric Patches Saitel DR RTU Flaw CVE-2025-8453 — DP RTU Fix Still Pending
Schneider Electric has shipped a firmware remedy for its Saitel DR Remote Terminal Units to plug a privilege management hole tracked as CVE-2025-8453, while a corresponding fix for the Saitel DP line...
China-Linked Hackers Weaponize Known CVEs to Turn Core Routers into Spy Tools
Seventeen intelligence and cybersecurity agencies from the United States, United Kingdom, Australia, and allied nations issued an extraordinary joint advisory on August 28, 2025, exposing a...
US Cyber Agencies Sound Alarm on PRC Router Firmware Attacks Exposing Global Networks to Stealth Espionage
A joint cybersecurity advisory from CISA, the NSA, the FBI, and international partners has warned that state-sponsored Chinese APT actors are systematically compromising the backbone routers that...
CISA Flags Actively Exploited Citrix NetScaler CVE-2025-7775, Demands Urgent Patch
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) Catalog after...
CISA Flags Zero-Day in INVT VT-Designer and HMITool: Remote Code Execution via Malicious Files
A zero-day vulnerability in INVT's VT-Designer and HMITool engineering software lets attackers run arbitrary code on industrial control system (ICS) workstations simply by tricking a user into...