Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately
Microsoft has issued a critical security advisory for CVE-2025-55231, a race‑condition vulnerability in the Windows storage management stack that could allow remote code execution. The flaw,...
Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing
Microsoft this week disclosed CVE-2025-55229, a high-impact spoofing vulnerability in Windows certificate handling that allows attackers to bypass signature verification over a network. The flaw,...
Chrome 139 Seals High-Severity V8 Out-of-Bounds Write CVE-2025-9132, Enterprises Scramble to Patch Edge
Google on August 19 shipped Chrome 139.0.7258.138 to patch a high-severity out-of-bounds write in its V8 JavaScript engine, tracked as CVE-2025-9132, that could let attackers execute arbitrary code...
CVE-2025-53763: Microsoft Flags Azure Databricks Privilege Escalation Flaw, Urges Immediate Defensive Actions
Microsoft has disclosed a new privilege escalation vulnerability in Azure Databricks, tracked as CVE-2025-53763, which could allow an attacker with network access to elevate their privileges within...
Patch Now: Microsoft's netbt.sys Kernel Flaw (CVE-2025-55230/47996) Grants Attackers Full Control
A local elevation-of-privilege flaw in the Windows MBT Transport driver—the kernel component behind NetBIOS over TCP/IP—can hand attackers full SYSTEM rights, and while Microsoft’s July 2025...
PC Manager’s 7.8 CVSS Flaw Exposed: How Symlinks Give Attackers SYSTEM Rights
A vulnerability tracked as CVE-2025-29975 in Microsoft PC Manager hands local attackers a direct path to full SYSTEM control. With a CVSS 3.1 score of 7.8 (high) and a low attack complexity, the bug...
CISA Alerts Federal Agencies and Enterprises to Apple Image I/O Zero-Day Under Active Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog on August 21, 2025, triggering a mandatory patch sprint for...
CISA's Triple Threat: Mitsubishi HVAC 9.8, Unpatched MELSEC DoS, and Fujifilm Privilege Escalation
Mitsubishi Electric’s air conditioning controllers face a critical authentication bypass with a CVSS severity score of 9.8, leading a trio of industrial control system (ICS) and medical device...
Mitsubishi Electric Confirms Unpatched DoS Flaw in MELSEC iQ-F PLCs, Recommends Network Hardening
Mitsubishi Electric has disclosed a remotely exploitable denial-of-service vulnerability in the embedded web server of its MELSEC iQ-F series programmable logic controllers, tracked under an internal...
Fujifilm Medical Viewer Flaw Allows Unauthorized Access to Patient Scans — CISA Calls for Immediate Upgrade
A severe privilege-escalation vulnerability in FUJIFILM Healthcare Americas’ Synapse Mobility medical imaging viewer could allow remote attackers to bypass role-based access controls and view...
CISA's August 19 ICS Alert: Siemens Desigo CC SAML Bypass, Tigo Hardcoded Credentials, and EG4 Inverter Firmware Risks Exposed
Four industrial control system advisories released by CISA on August 19, 2025, pack an urgent punch for critical infrastructure operators, exposing dangerous flaws across building management...
Siemens Urges Patching of Desigo CC and SENTRON as CodeMeter Flaws Enable Remote RCE and Privilege Escalation
Siemens has issued an urgent security advisory for the...