Live
CISA Orders Patching of 2007 Excel Bug, 2013 IE Flaw, and 2025 WinRAR Zero-Day·MSFT +0.1%Active SharePoint RCE Exploits Chain Deserialization Bug to Deploy Web Shells and Ransomware·NVDA +3.0%Microsoft Patches CVE-2025-49736: Android Edge UI Spoofing Bug Allows Credential Theft·GOOGL +1.2%Azure VM Spoofing Flaw CVE-2025-49707: Microsoft Patches Local Access Control Bypass·AMZN +2.9%Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android·MSFT +0.1%Critical Word Flaw CVE-2025-53784 Lets Attackers Hijack PCs via Malicious Docs — Patch Immediately·NVDA +3.0%Microsoft: CVE-2025-48807 Hyper V Exploit Demands Local Access, Yet Threatens Entire Host Infrastructures·GOOGL +1.2%Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data·AMZN +2.9%CISA Orders Patching of 2007 Excel Bug, 2013 IE Flaw, and 2025 WinRAR Zero-Day·MSFT +0.1%Active SharePoint RCE Exploits Chain Deserialization Bug to Deploy Web Shells and Ransomware·NVDA +3.0%Microsoft Patches CVE-2025-49736: Android Edge UI Spoofing Bug Allows Credential Theft·GOOGL +1.2%Azure VM Spoofing Flaw CVE-2025-49707: Microsoft Patches Local Access Control Bypass·AMZN +2.9%Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android·MSFT +0.1%Critical Word Flaw CVE-2025-53784 Lets Attackers Hijack PCs via Malicious Docs — Patch Immediately·NVDA +3.0%Microsoft: CVE-2025-48807 Hyper V Exploit Demands Local Access, Yet Threatens Entire Host Infrastructures·GOOGL +1.2%Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data·AMZN +2.9%

Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 7:55 PM
Latest Most Read Breaking
Sort
Bod 22-01 · Cisa

CISA Orders Patching of 2007 Excel Bug, 2013 IE Flaw, and 2025 WinRAR Zero-Day

On August 12, the Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—two of them first disclosed during the...

Advertisement
Android Browser · Browser Security

Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android

Microsoft’s Security Response Center has disclosed CVE-2025-49755, a user-interface spoofing flaw in Microsoft Edge (Chromium-based) for Android that could let attackers trick users into handing...

SE Security Desk·46w ago
Attack Surface Reduction · Cve-2025-53784

Critical Word Flaw CVE-2025-53784 Lets Attackers Hijack PCs via Malicious Docs — Patch Immediately

Microsoft’s latest security advisory warns of a memory-corruption flaw in Word—CVE-2025-53784—that hands attackers a local-code-execution foothold from nothing more than a booby-trapped...

SE Security Desk·46w ago
Cve-2025-48807 · Endpoint Security

Microsoft: CVE-2025-48807 Hyper V Exploit Demands Local Access, Yet Threatens Entire Host Infrastructures

Despite a CVE title suggesting a remote code execution flaw, Microsoft confirmed this week that CVE‑2025‑48807—a vulnerability in Hyper‑V’s Virtualization Service Provider (VSP)...

SE Security Desk·46w ago
Air-gapped · Authentication

Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data

Microsoft has published an urgent security advisory for CVE-2025-53793, an improper authentication vulnerability in Azure Stack Hub that could allow unauthenticated attackers to access sensitive...

SE Security Desk·46w ago
Cve-2025-53788 · Edr

WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation

Microsoft released an out-of-band Windows Subsystem for Linux (WSL) update on August 6, 2025, patching a local elevation-of-privilege vulnerability that could let attackers break out of WSL2...

SE Security Desk·46w ago
Cve-2025-49723 · Cve-2025-53789-mismatch

CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers

Microsoft's July 2025 Patch Tuesday delivers a fix for a high-severity missing authorization vulnerability in the Windows StateRepository API, tracked as CVE-2025-49723. The bug lets an already...

SE Security Desk·46w ago
Cve-2025-53783 · Cybersecurity

Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching

Microsoft has published a security advisory for CVE-2025-53783, a heap-based buffer overflow in Microsoft Teams that allows an unauthorized attacker to execute code remotely over a network. The...

SE Security Desk·46w ago
Cve-2025-50155 · Edr

CVE-2025-50155: Critical Windows Push Notifications EoP Flaw Exposes Systems to Full Takeover

A serious elevation-of-privilege vulnerability in Windows Push Notifications has been cataloged as CVE-2025-50155 by Microsoft, giving authenticated local attackers a clear path to SYSTEM-level...

SE Security Desk·46w ago