Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
No Firmware Fix for MELSEC iQ-F Modbus Flaw CVE-2025-7405 – Windows & OT Teams Must Isolate Now
Mitsubishi Electric has notified customers that it will not release firmware updates to address a critical authentication bypass vulnerability in its MELSEC iQ-F series programmable logic controllers...
GE Vernova Issues Urgent Patch for CIMPLICITY DLL Hijacking Flaw Rated CVSS 7.0
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory detailing a dangerous privilege escalation vulnerability in GE Vernova’s CIMPLICITY HMI/SCADA platform....
Delta Seals Code-Execution Hole in CNCSoft-G2; Industrial Operators Told to Patch Fast
A memory corruption vulnerability in Delta Electronics' CNCSoft-G2 HMI software can give attackers full code execution on engineering workstations when victims open booby-trapped project files, the...
Schneider Electric Patches Saitel DR RTU Flaw CVE-2025-8453 — DP RTU Fix Still Pending
Schneider Electric has shipped a firmware remedy for its Saitel DR Remote Terminal Units to plug a privilege management hole tracked as CVE-2025-8453, while a corresponding fix for the Saitel DP line...
China-Linked Hackers Weaponize Known CVEs to Turn Core Routers into Spy Tools
Seventeen intelligence and cybersecurity agencies from the United States, United Kingdom, Australia, and allied nations issued an extraordinary joint advisory on August 28, 2025, exposing a...
US Cyber Agencies Sound Alarm on PRC Router Firmware Attacks Exposing Global Networks to Stealth Espionage
A joint cybersecurity advisory from CISA, the NSA, the FBI, and international partners has warned that state-sponsored Chinese APT actors are systematically compromising the backbone routers that...
CISA Flags Actively Exploited Citrix NetScaler CVE-2025-7775, Demands Urgent Patch
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) Catalog after...
CISA Flags Zero-Day in INVT VT-Designer and HMITool: Remote Code Execution via Malicious Files
A zero-day vulnerability in INVT's VT-Designer and HMITool engineering software lets attackers run arbitrary code on industrial control system (ICS) workstations simply by tricking a user into...
INVT HMITool and VT-Designer Riddled with 9 RCE Vulnerabilities, Windows Industrial Systems at Risk
Nine high-severity remote code execution (RCE) vulnerabilities in INVT’s HMITool and VT-Designer engineering software are exposing Windows workstations in industrial environments to attacks through...
Schneider Electric Issues Emergency Firmware Fix for M340 PLC DoS Flaw (CVE-2025-6625)
Schneider Electric has released firmware updates to address a high-severity denial-of-service vulnerability in its Modicon M340 programmable logic controllers and associated communication modules....
CISA Flags Urgent Patches for Exploited Citrix Session Recording and Git Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025, signaling active exploitation of flaws...
CISA Unveils SBOM Draft Requiring Hashes, Licenses, and Build Context—Public Comment Opens
The Cybersecurity and Infrastructure Security Agency (CISA) released a draft update to its Software Bill of Materials (SBOM) minimum elements on August 22, 2025, immediately opening a public comment...