Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
INVT HMITool and VT-Designer Riddled with 9 RCE Vulnerabilities, Windows Industrial Systems at Risk
Nine high-severity remote code execution (RCE) vulnerabilities in INVT’s HMITool and VT-Designer engineering software are exposing Windows workstations in industrial environments to attacks through...
Schneider Electric Issues Emergency Firmware Fix for M340 PLC DoS Flaw (CVE-2025-6625)
Schneider Electric has released firmware updates to address a high-severity denial-of-service vulnerability in its Modicon M340 programmable logic controllers and associated communication modules....
CISA Flags Urgent Patches for Exploited Citrix Session Recording and Git Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025, signaling active exploitation of flaws...
CISA Unveils SBOM Draft Requiring Hashes, Licenses, and Build Context—Public Comment Opens
The Cybersecurity and Infrastructure Security Agency (CISA) released a draft update to its Software Bill of Materials (SBOM) minimum elements on August 22, 2025, immediately opening a public comment...
Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately
Microsoft has issued a critical security advisory for CVE-2025-55231, a race‑condition vulnerability in the Windows storage management stack that could allow remote code execution. The flaw,...
Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing
Microsoft this week disclosed CVE-2025-55229, a high-impact spoofing vulnerability in Windows certificate handling that allows attackers to bypass signature verification over a network. The flaw,...
Chrome 139 Seals High-Severity V8 Out-of-Bounds Write CVE-2025-9132, Enterprises Scramble to Patch Edge
Google on August 19 shipped Chrome 139.0.7258.138 to patch a high-severity out-of-bounds write in its V8 JavaScript engine, tracked as CVE-2025-9132, that could let attackers execute arbitrary code...
CVE-2025-53763: Microsoft Flags Azure Databricks Privilege Escalation Flaw, Urges Immediate Defensive Actions
Microsoft has disclosed a new privilege escalation vulnerability in Azure Databricks, tracked as CVE-2025-53763, which could allow an attacker with network access to elevate their privileges within...
Patch Now: Microsoft's netbt.sys Kernel Flaw (CVE-2025-55230/47996) Grants Attackers Full Control
A local elevation-of-privilege flaw in the Windows MBT Transport driver—the kernel component behind NetBIOS over TCP/IP—can hand attackers full SYSTEM rights, and while Microsoft’s July 2025...
PC Manager’s 7.8 CVSS Flaw Exposed: How Symlinks Give Attackers SYSTEM Rights
A vulnerability tracked as CVE-2025-29975 in Microsoft PC Manager hands local attackers a direct path to full SYSTEM control. With a CVSS 3.1 score of 7.8 (high) and a low attack complexity, the bug...
CISA Alerts Federal Agencies and Enterprises to Apple Image I/O Zero-Day Under Active Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog on August 21, 2025, triggering a mandatory patch sprint for...
CISA's Triple Threat: Mitsubishi HVAC 9.8, Unpatched MELSEC DoS, and Fujifilm Privilege Escalation
Mitsubishi Electric’s air conditioning controllers face a critical authentication bypass with a CVSS severity score of 9.8, leading a trio of industrial control system (ICS) and medical device...