Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Mitsubishi Electric Confirms Unpatched DoS Flaw in MELSEC iQ-F PLCs, Recommends Network Hardening
Mitsubishi Electric has disclosed a remotely exploitable denial-of-service vulnerability in the embedded web server of its MELSEC iQ-F series programmable logic controllers, tracked under an internal...
Fujifilm Medical Viewer Flaw Allows Unauthorized Access to Patient Scans — CISA Calls for Immediate Upgrade
A severe privilege-escalation vulnerability in FUJIFILM Healthcare Americas’ Synapse Mobility medical imaging viewer could allow remote attackers to bypass role-based access controls and view...
CISA's August 19 ICS Alert: Siemens Desigo CC SAML Bypass, Tigo Hardcoded Credentials, and EG4 Inverter Firmware Risks Exposed
Four industrial control system advisories released by CISA on August 19, 2025, pack an urgent punch for critical infrastructure operators, exposing dangerous flaws across building management...
Siemens Urges Patching of Desigo CC and SENTRON as CodeMeter Flaws Enable Remote RCE and Privilege Escalation
Siemens has issued an urgent security advisory for the...
Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches
Siemens on August 14, 2025, disclosed a critical vulnerability in its Mendix SAML module that could allow unauthenticated attackers to bypass cryptographic signature verification and hijack user...
CISA Adds Actively Exploited Trend Micro Apex One Zero-Day to KEV, Mandates Rapid Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-54948, a critical command injection vulnerability in Trend Micro’s Apex One on-premises management console, to...
Google Chrome 139.0.7258.127 Plugs Aura Use-After-Free (CVE-2025-8882) and Other High-Severity Bugs
Google has deployed a critical stable-channel update for Chrome, version 139.0.7258.127, closing a use-after-free vulnerability in the Aura UI component tracked as CVE-2025-8882. The patch also...
Google Ships Chrome 139 Fix for ANGLE Out‑of‑Bounds Write, Microsoft Edge To Follow
Google has shipped a critical security update for Chrome, version 139.0.7258.127, to plug a dangerous out-of-bounds write flaw in the ANGLE graphics translation layer. Tracked as CVE-2025-8901, the...
Chrome 139 Fixes High-Severity libaom AV1 Heap Overflow; Edge Patch to Follow
Google has rolled out a stable-channel update for Chrome that patches CVE-2025-8879, a high-severity heap buffer overflow in the libaom AV1 codec library. The fix landed on August 12, 2025, in Chrome...
Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers
On August 12, 2025, Google rushed out Chrome 139.0.7258.127 with an urgent fix for CVE-2025-8880 — a high-severity race condition in the V8 JavaScript engine that could hand remote attackers the...
Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers
A critical logic flaw in Chromium's File Picker—one of the browser's most sensitive UI components—can be weaponized to leak data across origins, forcing Google and Microsoft to ship urgent...
Siemens Patches 7 Opcenter Quality Vulnerabilities: Upgrade to V2506 and Harden TLS Now
Siemens has issued an urgent security advisory for Opcenter Quality, bundling fixes for seven distinct vulnerabilities that affect the SmartClient modules, including Opcenter QL Home, SOA Audit, and...