Live
Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches·MSFT +0.1%CISA Adds Actively Exploited Trend Micro Apex One Zero-Day to KEV, Mandates Rapid Patching·NVDA +3.0%Google Chrome 139.0.7258.127 Plugs Aura Use-After-Free (CVE-2025-8882) and Other High-Severity Bugs·GOOGL +1.2%Google Ships Chrome 139 Fix for ANGLE Out‑of‑Bounds Write, Microsoft Edge To Follow·AMZN +2.9%Chrome 139 Fixes High-Severity libaom AV1 Heap Overflow; Edge Patch to Follow·MSFT +0.1%Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers·NVDA +3.0%Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers·GOOGL +1.2%Siemens Patches 7 Opcenter Quality Vulnerabilities: Upgrade to V2506 and Harden TLS Now·AMZN +2.9%Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches·MSFT +0.1%CISA Adds Actively Exploited Trend Micro Apex One Zero-Day to KEV, Mandates Rapid Patching·NVDA +3.0%Google Chrome 139.0.7258.127 Plugs Aura Use-After-Free (CVE-2025-8882) and Other High-Severity Bugs·GOOGL +1.2%Google Ships Chrome 139 Fix for ANGLE Out‑of‑Bounds Write, Microsoft Edge To Follow·AMZN +2.9%Chrome 139 Fixes High-Severity libaom AV1 Heap Overflow; Edge Patch to Follow·MSFT +0.1%Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers·NVDA +3.0%Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers·GOOGL +1.2%Siemens Patches 7 Opcenter Quality Vulnerabilities: Upgrade to V2506 and Harden TLS Now·AMZN +2.9%

Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 10:17 PM
Latest Most Read Breaking
Sort
Account Takeover · Cisa Icsa-25-231-02

Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches

Siemens on August 14, 2025, disclosed a critical vulnerability in its Mendix SAML module that could allow unauthenticated attackers to bypass cryptographic signature verification and hijack user...

Advertisement
Av1 · Buffer Overflow

Chrome 139 Fixes High-Severity libaom AV1 Heap Overflow; Edge Patch to Follow

Google has rolled out a stable-channel update for Chrome that patches CVE-2025-8879, a high-severity heap buffer overflow in the libaom AV1 codec library. The fix landed on August 12, 2025, in Chrome...

SE Security Desk·46w ago
Browser Security · Chrome

Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers

On August 12, 2025, Google rushed out Chrome 139.0.7258.127 with an urgent fix for CVE-2025-8880 — a high-severity race condition in the V8 JavaScript engine that could hand remote attackers the...

SE Security Desk·46w ago
Browser Security · Chrome

Chrome's File Picker Cross-Origin Leak Prompts Emergency Patch for Windows Browsers

A critical logic flaw in Chromium's File Picker—one of the browser's most sensitive UI components—can be weaponized to leak data across origins, forcing Google and Microsoft to ship urgent...

SE Security Desk·46w ago
siemens_patches_7_opcenter.jpg
Cve-2024-41979 · Cve-2024-41980

Siemens Patches 7 Opcenter Quality Vulnerabilities: Upgrade to V2506 and Harden TLS Now

Siemens has issued an urgent security advisory for Opcenter Quality, bundling fixes for seven distinct vulnerabilities that affect the SmartClient modules, including Opcenter QL Home, SOA Audit, and...

SE Security Desk·46w ago
urgent_siemens_ruggedcom_ape1808.jpg
Ape1808 · Cisa

Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances

{ "title": "Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances", "content": "Siemens has disclosed two high-severity vulnerabilities in its RUGGEDCOM...

SE Security Desk·46w ago
siemens_admits_no_fix.jpg
Application Whitelisting · Cisa

Siemens Admits No Fix Planned for Critical PLCSIM Vulnerability as TIA Portal Flaw Scores 8.5 CVSS

Siemens has disclosed a high-severity deserialization vulnerability in its TIA Portal engineering platform that carries a CVSS v4 score of 8.5, and in a troubling admission, says no fix is planned...

SE Security Desk·46w ago
siemens_patches_critical_simcenter.jpg
Bmp · Cisa

Siemens Patches Critical Simcenter Femap Bugs Allowing Code Execution from Malicious STP and BMP Files

Siemens has released urgent patches for two high-severity vulnerabilities in its Simcenter Femap engineering simulation software that could allow local attackers to execute arbitrary code by...

SE Security Desk·46w ago
siemens_engineering_software_hit.jpg
Cve-2024-54678 · Deserialization

Siemens Engineering Software Hit by CVE-2024-54678: Local Code Execution Risk via IPC Flaw

Industrial control system operators are scrambling to assess their exposure after Siemens disclosed a critical deserialization flaw, tracked as CVE-2024-54678, that affects a broad range of its...

SE Security Desk·46w ago