Live
INVT HMITool and VT-Designer Riddled with 9 RCE Vulnerabilities, Windows Industrial Systems at Risk·MSFT +0.1%Schneider Electric Issues Emergency Firmware Fix for M340 PLC DoS Flaw (CVE-2025-6625)·NVDA +3.0%CISA Flags Urgent Patches for Exploited Citrix Session Recording and Git Flaws·GOOGL +1.2%CISA Unveils SBOM Draft Requiring Hashes, Licenses, and Build Context—Public Comment Opens·AMZN +2.9%Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately·MSFT +0.1%Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing·NVDA +3.0%Chrome 139 Seals High-Severity V8 Out-of-Bounds Write CVE-2025-9132, Enterprises Scramble to Patch Edge·GOOGL +1.2%CVE-2025-53763: Microsoft Flags Azure Databricks Privilege Escalation Flaw, Urges Immediate Defensive Actions·AMZN +2.9%INVT HMITool and VT-Designer Riddled with 9 RCE Vulnerabilities, Windows Industrial Systems at Risk·MSFT +0.1%Schneider Electric Issues Emergency Firmware Fix for M340 PLC DoS Flaw (CVE-2025-6625)·NVDA +3.0%CISA Flags Urgent Patches for Exploited Citrix Session Recording and Git Flaws·GOOGL +1.2%CISA Unveils SBOM Draft Requiring Hashes, Licenses, and Build Context—Public Comment Opens·AMZN +2.9%Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately·MSFT +0.1%Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing·NVDA +3.0%Chrome 139 Seals High-Severity V8 Out-of-Bounds Write CVE-2025-9132, Enterprises Scramble to Patch Edge·GOOGL +1.2%CVE-2025-53763: Microsoft Flags Azure Databricks Privilege Escalation Flaw, Urges Immediate Defensive Actions·AMZN +2.9%

Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 11:52 AM
Latest Most Read Breaking
Sort
Cve-2025-7223 · Cve-2025-7224

INVT HMITool and VT-Designer Riddled with 9 RCE Vulnerabilities, Windows Industrial Systems at Risk

Nine high-severity remote code execution (RCE) vulnerabilities in INVT’s HMITool and VT-Designer engineering software are exposing Windows workstations in industrial environments to attacks through...

Advertisement
Cve-2025-55231 · Incident Response

Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately

Microsoft has issued a critical security advisory for CVE-2025-55231, a race‑condition vulnerability in the Windows storage management stack that could allow remote code execution. The flaw,...

SE Security Desk·45w ago
802.1x · Authenticode

Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing

Microsoft this week disclosed CVE-2025-55229, a high-impact spoofing vulnerability in Windows certificate handling that allows attackers to bypass signature verification over a network. The flaw,...

SE Security Desk·45w ago
Browser Security · Chrome

Chrome 139 Seals High-Severity V8 Out-of-Bounds Write CVE-2025-9132, Enterprises Scramble to Patch Edge

Google on August 19 shipped Chrome 139.0.7258.138 to patch a high-severity out-of-bounds write in its V8 JavaScript engine, tracked as CVE-2025-9132, that could let attackers execute arbitrary code...

SE Security Desk·45w ago
Access Control · Audit Logs

CVE-2025-53763: Microsoft Flags Azure Databricks Privilege Escalation Flaw, Urges Immediate Defensive Actions

Microsoft has disclosed a new privilege escalation vulnerability in Azure Databricks, tracked as CVE-2025-53763, which could allow an attacker with network access to elevate their privileges within...

SE Security Desk·45w ago
Allocation Spraying · Attack Detection

Patch Now: Microsoft's netbt.sys Kernel Flaw (CVE-2025-55230/47996) Grants Attackers Full Control

A local elevation-of-privilege flaw in the Windows MBT Transport driver—the kernel component behind NetBIOS over TCP/IP—can hand attackers full SYSTEM rights, and while Microsoft’s July 2025...

SE Security Desk·45w ago
Applocker · Cve-2025-29975

PC Manager’s 7.8 CVSS Flaw Exposed: How Symlinks Give Attackers SYSTEM Rights

A vulnerability tracked as CVE-2025-29975 in Microsoft PC Manager hands local attackers a direct path to full SYSTEM control. With a CVSS 3.1 score of 7.8 (high) and a low attack complexity, the bug...

SE Security Desk·45w ago
Apple · Bod 22-01

CISA Alerts Federal Agencies and Enterprises to Apple Image I/O Zero-Day Under Active Exploit

The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog on August 21, 2025, triggering a mandatory patch sprint for...

SE Security Desk·45w ago
Air Conditioning Controllers · Cisa

CISA's Triple Threat: Mitsubishi HVAC 9.8, Unpatched MELSEC DoS, and Fujifilm Privilege Escalation

Mitsubishi Electric’s air conditioning controllers face a critical authentication bypass with a CVSS severity score of 9.8, leading a trio of industrial control system (ICS) and medical device...

SE Security Desk·45w ago