Vulnerability Disclosure
The latest Vulnerability Disclosure coverage — news, analysis, and updates from the WindowsNews.AI desk.
Why a Vulnerability Disclosure Policy Isn't Enough: CISA and NSA Demand Full Programs
On July 15, CISA, the National Security Agency, and international cybersecurity partners released joint guidance pushing software makers to move beyond superficial vulnerability disclosure policies...
Trane Tracer ICS Security Flaws: Cryptography Issues and Hard-Coded Credentials Exposed
U.S. federal cyber authorities have issued a blunt warning about multiple security weaknesses in Trane's Tracer building automation systems. The coordinated disclosures reveal critical...
Critical Hitachi REB500 Vulnerabilities Threaten Power Grid Security: Patch Now
The cybersecurity landscape for critical infrastructure has been shaken by the disclosure of two severe vulnerabilities in Hitachi Energy's Relion REB500 busbar protection system. Designated...
Heads Up, Forensic Analysts: The Sleuth Kit's fls Tool Has a Disputed Command-Injection Flaw—Here's How to Handle It
A vulnerability in the widely used open-source forensic tool The Sleuth Kit can be exploited to run arbitrary commands on a system—but the validity of the flaw is hotly contested. Tracked as...
Microsoft’s January 2026 Update Fixes Explorer Vulnerability That Leaks Credentials
Microsoft’s January 2026 security release plugs a hole in Windows File Explorer that could inadvertently hand attackers the keys they need to move deeper into a network. The vulnerability, tracked...
Delta DIALink Patch: Critical 10.0 Vulnerability Puts Industrial Networks at Risk
Delta Electronics released an urgent security update for its DIALink industrial automation server this week, fixing two path traversal vulnerabilities that collectively enable remote attackers to...
Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know
Microsoft has patched a serious local privilege escalation vulnerability in the Windows Desktop Window Manager (DWM) Core Library, tracked as CVE-2025-53801, that could allow an attacker with a basic...
CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing
Microsoft has released a security update for a critical out-of-bounds read vulnerability in Excel that could allow remote code execution—but the patch is not yet available for Mac users. Tracked as...
Siemens Energy Meters Exposed: Cleartext SMTP Passwords Threaten Utility Networks
Siemens has confirmed that multiple models in its SICAM Q100 and Q200 power meter families store SMTP account passwords in plaintext, a design flaw that lets any authenticated local user extract...
Sante PACS Server Flaws Chain Path Traversal, Double-Free, XSS—Patch Urged as Advisories Clash
Security researchers have disclosed a quartet of vulnerabilities in Sante PACS Server, a medical imaging platform deployed across clinics and hospitals, that combine to create a near-critical risk of...
CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too
CVE-2025-8579, a critical security flaw in Google Chrome's Gemini Live feature, has been patched after four months of quiet danger. The vulnerability, reported by researcher Alesandro Ortiz on April...
Critical Authentication Bypass in Burk ARC Solo Exposes Broadcast Systems to Remote Takeover
A critical vulnerability in Burk Technology's ARC Solo remote site controller allows attackers to change the device password without any credentials, enabling full device takeover and raising alarms...