Live
CISA and NSA Rally 19 Nations Behind Unified SBOM Blueprint to Expose Hidden Code Risks·MSFT +0.1%CISA Exposes Critical Hard-Coded Credentials in SunPower Solar Gear, Plus Flaws in Delta, Fuji, Hitachi ICS Software·NVDA +3.0%Delta Electronics Patches XXE Bug in EIP Builder, CISA Warns Critical Manufacturing Operators to Upgrade Now·GOOGL +1.2%CISA Adds Actively Exploited TP-Link Extender and WhatsApp Zero-Click Flaws to KEV Catalog·AMZN +2.9%Critical Bluetooth Flaw in SunPower Inverters Grants Attackers Full Device Control·MSFT +0.1%Fuji Electric FRENIC-Loader 4 Flaw Opens Engineering Workstations to File-Based Code Execution Attacks·NVDA +3.0%FreePBX Zero-Day Exploited in Wild: CISA Orders Emergency Patching for CVSS 10 RCE·GOOGL +1.2%Microsoft Tells Admins to Cap DNS UDP Buffer at 1221 Bytes on Windows Server 2025 to Block Cache Poisoning·AMZN +2.9%CISA and NSA Rally 19 Nations Behind Unified SBOM Blueprint to Expose Hidden Code Risks·MSFT +0.1%CISA Exposes Critical Hard-Coded Credentials in SunPower Solar Gear, Plus Flaws in Delta, Fuji, Hitachi ICS Software·NVDA +3.0%Delta Electronics Patches XXE Bug in EIP Builder, CISA Warns Critical Manufacturing Operators to Upgrade Now·GOOGL +1.2%CISA Adds Actively Exploited TP-Link Extender and WhatsApp Zero-Click Flaws to KEV Catalog·AMZN +2.9%Critical Bluetooth Flaw in SunPower Inverters Grants Attackers Full Device Control·MSFT +0.1%Fuji Electric FRENIC-Loader 4 Flaw Opens Engineering Workstations to File-Based Code Execution Attacks·NVDA +3.0%FreePBX Zero-Day Exploited in Wild: CISA Orders Emergency Patching for CVSS 10 RCE·GOOGL +1.2%Microsoft Tells Admins to Cap DNS UDP Buffer at 1221 Bytes on Windows Server 2025 to Block Cache Poisoning·AMZN +2.9%

Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 4:59 PM
Latest Most Read Breaking
Sort
Automation · Ci/cd

CISA and NSA Rally 19 Nations Behind Unified SBOM Blueprint to Expose Hidden Code Risks

On September 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), backed by 19 international partners, dropped a 22-page consensus document...

Advertisement
Adjacent Network · Bluetooth

Critical Bluetooth Flaw in SunPower Inverters Grants Attackers Full Device Control

A newly disclosed vulnerability in SunPower PVS6 solar inverters exposes critical energy infrastructure to takeovers by attackers who merely need to be within Bluetooth range. The U.S. Cybersecurity...

SE Security Desk·43w ago
Arbitrary Code · Cisa

Fuji Electric FRENIC-Loader 4 Flaw Opens Engineering Workstations to File-Based Code Execution Attacks

A critical deserialization vulnerability in Fuji Electric’s FRENIC-Loader 4 utility can give attackers full arbitrary code execution on industrial engineering workstations when a user opens a...

SE Security Desk·43w ago
Acp · Asterisk

FreePBX Zero-Day Exploited in Wild: CISA Orders Emergency Patching for CVSS 10 RCE

CISA on August 29, 2025, added a critical vulnerability in Sangoma’s FreePBX telephony platform to its Known Exploited Vulnerabilities (KEV) Catalog, warning that attackers have been exploiting the...

SE Security Desk·44w ago
1221 · Adv200013

Microsoft Tells Admins to Cap DNS UDP Buffer at 1221 Bytes on Windows Server 2025 to Block Cache Poisoning

Microsoft has updated its security advisory ADV200013 to explicitly cover Windows Server 2022, version 23H2, and the just‑released Windows Server 2025, and is again telling administrators to apply...

SE Security Desk·44w ago
Angle · Browser Patch

Critical ANGLE Use-After-Free Fix in Chrome 139 Forces Urgent Edge and Enterprise Patching

Microsoft has confirmed that a freshly disclosed use-after-free vulnerability in the Chromium ANGLE graphics layer, tracked as CVE-2025-9478, is now resolved in the latest Edge stable channel —...

SE Security Desk·44w ago
Buffer Overflow · Code Injection

Patch Now: Delta COMMGR Critical Vulnerabilities Allow Remote Code Execution via .isp Files

Delta Electronics has issued an urgent security advisory and released COMMGR version 2.10.0 to fix two high-severity vulnerabilities that could let attackers execute arbitrary code on industrial...

SE Security Desk·44w ago
Cisa · Cve-2025-7731

Mitsubishi Says No Fix Coming for MELSEC iQ-F Cleartext Credential Flaw (CVE-2025-7731)

A serious vulnerability in Mitsubishi Electric's MELSEC iQ-F series programmable logic controllers leaves credentials exposed in plaintext network traffic, and the vendor has declared it will not...

SE Security Desk·44w ago
Cisa · Cncsoft-g2

Unpatchable ICS Vulnerabilities: Mitsubishi, Schneider, Delta Among Vendors in CISA's Nine-Alert Batch

Nine industrial control system advisories released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on August 28, 2025, expose critical weaknesses in products from Mitsubishi...

SE Security Desk·44w ago