Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Siemens SINEC OS Advisory Exposes Over 100 Third-Party Kernel Flaws, Shifts Patch Burden to ProductCERT
Siemens has released a sprawling security advisory covering third-party components inside its SINEC operating system, cataloguing more than a hundred Linux kernel and userland vulnerabilities that...
CVE-2025-7353 Exposes Rockwell ControlLogix Ethernet Modules to Remote Memory and Execution Control
Rockwell Automation’s ControlLogix EtherNet/IP communication modules are vulnerable to a high-severity flaw that lets remote attackers dump and modify runtime memory, potentially hijacking device...
Siemens Urges Immediate Patch for SIMATIC RTLS Locating Manager as Two New Flaws Threaten Industrial Operations
Siemens has released an urgent security advisory detailing two newly tracked vulnerabilities in its SIMATIC RTLS Locating Manager, the Windows-based server component that processes ultra-wideband tag...
Siemens Flags CVSS 8.5 DLL Hijacking in Web Installer, Urges Immediate Mitigation for ICS Products
Siemens has confirmed a severe vulnerability in its Web Installer used by the Online Software Delivery (OSD) mechanism, allowing attackers to hijack the installation process and execute arbitrary...
Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks
A cascade of five newly disclosed vulnerabilities in Siemens' SINEC Traffic Analyzer—a network monitoring tool deployed across utilities, manufacturing, and energy sectors—enables attackers to...
Siemens RUGGEDCOM ROX II BIST Flaw Gives Physical Attackers Root Shell
Siemens has disclosed a high-severity authentication bypass vulnerability in its RUGGEDCOM ROX II industrial networking devices that allows an attacker with physical access to the serial console to...
CISA Flags Actively Exploited N-central Flaws: Patch Desert Leaves MSPs Exposed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in N-able’s N-central remote monitoring and management platform to its Known Exploited...
CISA, NSA, FBI Release Guidance for OT Asset Inventories to Fortify Critical Infrastructure
On August 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) joined forces with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Environmental...
CISA Orders Patching of 2007 Excel Bug, 2013 IE Flaw, and 2025 WinRAR Zero-Day
On August 12, the Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—two of them first disclosed during the...
Active SharePoint RCE Exploits Chain Deserialization Bug to Deploy Web Shells and Ransomware
Attackers are actively chaining a deserialization vulnerability in on-premises SharePoint Server with an authentication bypass to gain remote code execution without credentials—then stealing the...
Microsoft Patches CVE-2025-49736: Android Edge UI Spoofing Bug Allows Credential Theft
Microsoft has released a patch for a UI spoofing vulnerability in its Edge browser for Android, tracked as CVE-2025-49736. The flaw, which Microsoft classifies as allowing an unauthenticated attacker...
Azure VM Spoofing Flaw CVE-2025-49707: Microsoft Patches Local Access Control Bypass
Microsoft has confirmed and released fixes for CVE-2025-49707, a critical improper access control vulnerability in Azure Virtual Machines that enables an attacker with local access to impersonate...