Live
CISA Warns: Johnson Controls iSTAR Flaws Open Door to Root Access and Physical Breaches·MSFT +0.1%New Golden dMSA Attack Bypasses Windows Server 2025 Security; Entra ID Flaw Escalates to Global Admin·NVDA +3.0%Microsoft Patches CVE-2025-53787: BizChat Flaw Exposes Enterprise AI Chat Data·GOOGL +1.2%Zero-Click Data Leak in Microsoft 365 Copilot BizChat Exposes Enterprise Secrets·AMZN +2.9%Microsoft Confirms Critical Azure OpenAI Privilege Escalation Flaw, Urges Vigilance Until Patch·MSFT +0.1%CVE-2025-53792: Azure Portal Privilege Escalation Bug Could Lead to Full Cloud Control·NVDA +3.0%CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too·GOOGL +1.2%Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out·AMZN +2.9%CISA Warns: Johnson Controls iSTAR Flaws Open Door to Root Access and Physical Breaches·MSFT +0.1%New Golden dMSA Attack Bypasses Windows Server 2025 Security; Entra ID Flaw Escalates to Global Admin·NVDA +3.0%Microsoft Patches CVE-2025-53787: BizChat Flaw Exposes Enterprise AI Chat Data·GOOGL +1.2%Zero-Click Data Leak in Microsoft 365 Copilot BizChat Exposes Enterprise Secrets·AMZN +2.9%Microsoft Confirms Critical Azure OpenAI Privilege Escalation Flaw, Urges Vigilance Until Patch·MSFT +0.1%CVE-2025-53792: Azure Portal Privilege Escalation Bug Could Lead to Full Cloud Control·NVDA +3.0%CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too·GOOGL +1.2%Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out·AMZN +2.9%

Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 8:18 PM
Latest Most Read Breaking
Sort
Cisa · Command Injection

CISA Warns: Johnson Controls iSTAR Flaws Open Door to Root Access and Physical Breaches

A cluster of newly highlighted vulnerabilities in Johnson Controls’ iSTAR Ultra door controllers can give attackers a direct route from a network foothold to root-level control of physical access...

Advertisement
Access Control · Ai Security

Microsoft Confirms Critical Azure OpenAI Privilege Escalation Flaw, Urges Vigilance Until Patch

{ "title": "Microsoft Confirms Critical Azure OpenAI Privilege Escalation Flaw, Urges Vigilance Until Patch", "content": "Microsoft has officially acknowledged a critical security vulnerability...

AI AI & Copilot Desk·47w ago
Azure Monitor · Azure Security

CVE-2025-53792: Azure Portal Privilege Escalation Bug Could Lead to Full Cloud Control

Microsoft has released a security update for CVE-2025-53792, a critical elevation-of-privilege vulnerability in the Azure Portal that allows authenticated attackers to bypass role-based access...

SE Security Desk·47w ago
Browser Issues · Browser Patch

CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too

CVE-2025-8579, a critical security flaw in Google Chrome's Gemini Live feature, has been patched after four months of quiet danger. The vulnerability, reported by researcher Alesandro Ortiz on April...

AI AI & Copilot Desk·47w ago
Browser Exploits · Browser Patch

Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out

A serious security vulnerability in the Chromium engine’s Picture-in-Picture (PiP) feature is being urgently patched by Google and Microsoft, affecting millions of users of Chrome, Edge, and other...

SE Security Desk·47w ago
Browser Security · Chrome

Chrome 139 Patches UI Spoofing Flaw That Tricks Users Into Giving Away Permissions—Edge Users Are Protected Too

Google has shipped a critical security fix for Chrome that plugs a user interface spoofing hole attackers could use to trick people into giving websites access to their camera, microphone, or...

SE Security Desk·47w ago
Browser Security · Chrome

CVE-2025-8581: The Low-Risk Chrome Extension Bug That Still Requires an Immediate Update on Edge and Chrome

Google has patched a security vulnerability in Chrome’s Extensions framework that could have allowed attackers to siphon sensitive cross-origin data from unsuspecting users. Tracked as...

SE Security Desk·47w ago
Browser Security · Chrome

CVE-2025-8578: Chrome Cast Vulnerability Sparks Urgent Updates for Chrome and Edge

A critical use-after-free vulnerability in Google Chrome’s Cast component, tracked as CVE-2025-8578, has been patched by both Google and Microsoft, after researchers confirmed that attackers could...

SE Security Desk·47w ago
Browser Security · Browser Updates

Critical CVE-2025-8582 DOM Vulnerability Patched in Chrome and Edge – Users Urged to Update

On August 5, 2025, Google shipped an urgent security update for Chrome that plugs a dangerous hole in the browser's Document Object Model (DOM) handling. Tracked as CVE-2025-8582, the vulnerability...

SE Security Desk·47w ago