Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CISA Warns: Johnson Controls iSTAR Flaws Open Door to Root Access and Physical Breaches
A cluster of newly highlighted vulnerabilities in Johnson Controls’ iSTAR Ultra door controllers can give attackers a direct route from a network foothold to root-level control of physical access...
New Golden dMSA Attack Bypasses Windows Server 2025 Security; Entra ID Flaw Escalates to Global Admin
Security researchers have unveiled two distinct but equally alarming identity-based attack paths that strike at the heart of enterprise Windows environments: a design flaw in Windows Server 2025’s...
Microsoft Patches CVE-2025-53787: BizChat Flaw Exposes Enterprise AI Chat Data
Microsoft has confirmed a new vulnerability, CVE-2025-53787, that allows potential information disclosure through the BizChat feature of Microsoft 365 Copilot, sparking urgent patch deployment across...
Zero-Click Data Leak in Microsoft 365 Copilot BizChat Exposes Enterprise Secrets
A newly disclosed vulnerability in Microsoft 365 Copilot BizChat can expose sensitive business information without any user interaction, Microsoft warned in a security advisory published this week....
Microsoft Confirms Critical Azure OpenAI Privilege Escalation Flaw, Urges Vigilance Until Patch
Microsoft has officially acknowledged a critical security vulnerability...
CVE-2025-53792: Azure Portal Privilege Escalation Bug Could Lead to Full Cloud Control
Microsoft has released a security update for CVE-2025-53792, a critical elevation-of-privilege vulnerability in the Azure Portal that allows authenticated attackers to bypass role-based access...
CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too
CVE-2025-8579, a critical security flaw in Google Chrome's Gemini Live feature, has been patched after four months of quiet danger. The vulnerability, reported by researcher Alesandro Ortiz on April...
Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out
A serious security vulnerability in the Chromium engine’s Picture-in-Picture (PiP) feature is being urgently patched by Google and Microsoft, affecting millions of users of Chrome, Edge, and other...
Chrome 139 Patches UI Spoofing Flaw That Tricks Users Into Giving Away Permissions—Edge Users Are Protected Too
Google has shipped a critical security fix for Chrome that plugs a user interface spoofing hole attackers could use to trick people into giving websites access to their camera, microphone, or...
CVE-2025-8581: The Low-Risk Chrome Extension Bug That Still Requires an Immediate Update on Edge and Chrome
Google has patched a security vulnerability in Chrome’s Extensions framework that could have allowed attackers to siphon sensitive cross-origin data from unsuspecting users. Tracked as...
CVE-2025-8578: Chrome Cast Vulnerability Sparks Urgent Updates for Chrome and Edge
A critical use-after-free vulnerability in Google Chrome’s Cast component, tracked as CVE-2025-8578, has been patched by both Google and Microsoft, after researchers confirmed that attackers could...
Critical CVE-2025-8582 DOM Vulnerability Patched in Chrome and Edge – Users Urged to Update
On August 5, 2025, Google shipped an urgent security update for Chrome that plugs a dangerous hole in the browser's Document Object Model (DOM) handling. Tracked as CVE-2025-8582, the vulnerability...