Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches
Siemens on August 14, 2025, disclosed a critical vulnerability in its Mendix SAML module that could allow unauthenticated attackers to bypass cryptographic signature verification and hijack user...
CISA Adds Actively Exploited Trend Micro Apex One Zero-Day to KEV, Mandates Rapid Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-54948, a critical command injection vulnerability in Trend Micro’s Apex One on-premises management console, to...
Google Chrome 139.0.7258.127 Plugs Aura Use-After-Free (CVE-2025-8882) and Other High-Severity Bugs
Google has deployed a critical stable-channel update for Chrome, version 139.0.7258.127, closing a use-after-free vulnerability in the Aura UI component tracked as CVE-2025-8882. The patch also...
Google Ships Chrome 139 Fix for ANGLE Out‑of‑Bounds Write, Microsoft Edge To Follow
Google has shipped a critical security update for Chrome, version 139.0.7258.127, to plug a dangerous out-of-bounds write flaw in the ANGLE graphics translation layer. Tracked as CVE-2025-8901, the...
Chrome 139 Fixes High-Severity libaom AV1 Heap Overflow; Edge Patch to Follow
Google has rolled out a stable-channel update for Chrome that patches CVE-2025-8879, a high-severity heap buffer overflow in the libaom AV1 codec library. The fix landed on August 12, 2025, in Chrome...
Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers
On August 12, 2025, Google rushed out Chrome 139.0.7258.127 with an urgent fix for CVE-2025-8880 — a high-severity race condition in the V8 JavaScript engine that could hand remote attackers the...
Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers
A critical logic flaw in Chromium's File Picker—one of the browser's most sensitive UI components—can be weaponized to leak data across origins, forcing Google and Microsoft to ship urgent...
Siemens Patches 7 Opcenter Quality Vulnerabilities: Upgrade to V2506 and Harden TLS Now
Siemens has issued an urgent security advisory for Opcenter Quality, bundling fixes for seven distinct vulnerabilities that affect the SmartClient modules, including Opcenter QL Home, SOA Audit, and...
Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances
{ "title": "Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances", "content": "Siemens has disclosed two high-severity vulnerabilities in its RUGGEDCOM...
Siemens Admits No Fix Planned for Critical PLCSIM Vulnerability as TIA Portal Flaw Scores 8.5 CVSS
Siemens has disclosed a high-severity deserialization vulnerability in its TIA Portal engineering platform that carries a CVSS v4 score of 8.5, and in a troubling admission, says no fix is planned...
Siemens Patches Critical Simcenter Femap Bugs Allowing Code Execution from Malicious STP and BMP Files
Siemens has released urgent patches for two high-severity vulnerabilities in its Simcenter Femap engineering simulation software that could allow local attackers to execute arbitrary code by...
Siemens Engineering Software Hit by CVE-2024-54678: Local Code Execution Risk via IPC Flaw
Industrial control system operators are scrambling to assess their exposure after Siemens disclosed a critical deserialization flaw, tracked as CVE-2024-54678, that affects a broad range of its...