Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Edge Seals Off Dangerous Filesystem Attack Vector with Latest Chromium Patch for CVE-2025-8580
Microsoft has patched a critical filesystem vulnerability in its Edge browser, CVE-2025-8580, plugging a dangerous hole that could have allowed attackers to execute arbitrary code or access...
Critical Chromium Use-After-Free Flaw CVE-2025-8576 Triggers Urgent Edge, Chrome Updates
A severe use-after-free vulnerability in the Chromium extensions engine, tracked as CVE-2025-8576, is driving urgent updates across the browser ecosystem. The flaw, which carries high severity,...
CISA Sets August 11 Deadline for Critical Exchange Hybrid Patch as Exploits Emerge
The U.S. Cybersecurity and Infrastructure Security Agency issued Emergency Directive 25-02 on August 7, 2025, giving federal agencies fewer than four days to remediate a high-severity vulnerability...
CISA Alerts to Critical EG4 Inverter Flaws That Expose Solar Infrastructure to Remote Sabotage
A cluster of high-severity vulnerabilities in every major EG4 Electronics solar inverter model has set off alarm bells across the global energy sector, with the U.S. Cybersecurity and Infrastructure...
Four Yealink IP Phone Vulnerabilities Expose Enterprise VoIP to Brute-Force and Certificate Attacks
Four newly disclosed security vulnerabilities in Yealink’s widely deployed IP phones and cloud-based Redirect and Provisioning Service (RPS) have thrust business communications security into urgent...
Critical Authentication Bypass in Burk ARC Solo Exposes Broadcast Systems to Remote Takeover
A critical vulnerability in Burk Technology's ARC Solo remote site controller allows attackers to change the device password without any credentials, enabling full device takeover and raising alarms...
CISA Drops 10 ICS Advisories: Flaws Threaten Delta, JCI, EG4 Inverters and Critical Infrastructure
A flood of industrial vulnerabilities hit the cybersecurity landscape last week as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) dropped ten Industrial Control Systems (ICS)...
After Year-Long Silence, Dreame Patches Smart Home Apps Vulnerable to Credential-Theft Attacks
Dreame Technology has finally released a patch for its popular smart home applications after researchers exposed a certificate validation flaw that left millions of users defenseless against...
Rockwell Automation Patches Three High-Severity Arena Simulation Bugs Poised to Cripple Critical Manufacturing
Three newly disclosed vulnerabilities in Rockwell Automation’s Arena simulation software have shaken the industrial security landscape, exposing global manufacturers to file-based attacks that can...
Critical 8.4 CVSS Flaw in Johnson Controls FX Controllers Threatens Building Automation Systems Worldwide
Critical infrastructure operators worldwide are scrambling to apply emergency patches after a dangerous new vulnerability was disclosed in Johnson Controls’ FX80, FX90, and FX Server platforms....
Patch Now: 9.3-Rated Path Traversal in Delta DIAView ICS Puts Critical Sectors at Risk
A severe path traversal vulnerability in Delta Electronics’ DIAView industrial automation platform has sent shockwaves through the operational technology community, after federal cybersecurity...
Packet Power ICS Flaw Lets Attackers Seize Control of Energy Grids Without Login
A remotely exploitable authentication bypass in Packet Power’s energy monitoring devices has thrust the industrial control system (ICS) world into an urgent patching cycle. Designated...