Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Redis Misconfiguration Exposes Sensitive Data in Rockwell Automation's LogixAI: CISA Warns
Rockwell Automation’s FactoryTalk Analytics LogixAI contains a high-severity configuration weakness that could expose sensitive operational data to attackers on adjacent networks. The U.S....
CISA Warns: Remote Attackers Can Brick Rockwell ControlLogix 5580 Controllers — Patch Immediately
A critical flaw in Rockwell Automation’s ControlLogix 5580 programmable logic controllers can be exploited over the network to trigger a ‘major nonrecoverable fault,’ effectively bricking the...
Rockwell Patches Critical SSRF Flaw in ThinManager That Exposes NTLM Hashes to Attackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reissued a high-severity advisory on September 9, 2025, for a server-side request forgery (SSRF) vulnerability in Rockwell...
CVE-2025-9161: FactoryTalk Optix RCE via MQTT Plugin Loading — Upgrade to 1.6.0 Immediately
Industrial control system operators running Rockwell Automation’s FactoryTalk Optix visualization platform face a critical threat: a flaw in the product’s embedded MQTT broker allows...
CISA Releases 14 ICS Advisories: Urgent Patches for Rockwell, Schneider, and EG4 Inverter Flaws
{ "title": "CISA Releases 14 ICS Advisories: Urgent Patches for Rockwell, Schneider, and EG4 Inverter Flaws", "content": "The Cybersecurity and Infrastructure Security Agency (CISA) on September...
Rockwell Automation FactoryTalk Activation Manager Vulnerability Allows Remote Decryption and Hijacking
Rockwell Automation has issued an urgent security advisory after a critical cryptographic weakness was discovered in its FactoryTalk Activation Manager, a licensing tool deployed across thousands of...
CISA Warns: Rockwell 1783-NATR Vulnerable to Remote Memory Corruption, Patch Now to v1.007
Rockwell Automation has released an urgent firmware update after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a memory allocator bug in the 1783-NATR device could...
CISA Flags Rockwell CompactLogix 5480 Flaw That Lets Attackers Run Code Via Physical Access
Three words can make any plant manager’s blood run cold: arbitrary code execution. That’s what CISA is warning about with a newly republished advisory for the Rockwell Automation CompactLogix...
CVE-2025-7350: 9.6-Severity Stratix IOS Injection Flaw Lets Attackers Hijack Industrial Switches
Rockwell Automation has confirmed a remote injection vulnerability in its Stratix IOS that could allow unauthenticated attackers to upload and execute malicious configurations on industrial switches,...
ABB Patches Critical Authentication Bypass in ASPECT, NEXUS, and MATRIX BMS
{ "title": "ABB Patches Critical Authentication Bypass in ASPECT, NEXUS, and MATRIX BMS", "content": "ABB has rushed out firmware updates for its ASPECT, NEXUS, and MATRIX building management...
Microsoft Warns of Network-Exploitable Edge Bypass Flaw CVE-2025-53791, Urges Immediate Patching
Microsoft has disclosed CVE-2025-53791, a security feature bypass vulnerability in its Chromium-based Edge browser that can be triggered by an attacker over a network. The advisory, published in the...
Google Rushes Chrome 140 Fix for CVE-2025-9864 V8 Memory Bug, Microsoft Edge Also Patched
Google has released a critical security update for its Chrome browser, patching a high-severity use-after-free vulnerability in the V8 JavaScript engine that could let attackers hijack systems...