Live
Why a Vulnerability Disclosure Policy Isn't Enough: CISA and NSA Demand Full Programs·MSFT +0.1%Trane Tracer ICS Security Flaws: Cryptography Issues and Hard-Coded Credentials Exposed·NVDA +3.0%Critical Hitachi REB500 Vulnerabilities Threaten Power Grid Security: Patch Now·GOOGL +1.2%Heads Up, Forensic Analysts: The Sleuth Kit's fls Tool Has a Disputed Command-Injection Flaw—Here's How to Handle It·AMZN +2.9%Microsoft’s January 2026 Update Fixes Explorer Vulnerability That Leaks Credentials·MSFT +0.1%Delta DIALink Patch: Critical 10.0 Vulnerability Puts Industrial Networks at Risk·NVDA +3.0%Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know·GOOGL +1.2%CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing·AMZN +2.9%Why a Vulnerability Disclosure Policy Isn't Enough: CISA and NSA Demand Full Programs·MSFT +0.1%Trane Tracer ICS Security Flaws: Cryptography Issues and Hard-Coded Credentials Exposed·NVDA +3.0%Critical Hitachi REB500 Vulnerabilities Threaten Power Grid Security: Patch Now·GOOGL +1.2%Heads Up, Forensic Analysts: The Sleuth Kit's fls Tool Has a Disputed Command-Injection Flaw—Here's How to Handle It·AMZN +2.9%Microsoft’s January 2026 Update Fixes Explorer Vulnerability That Leaks Credentials·MSFT +0.1%Delta DIALink Patch: Critical 10.0 Vulnerability Puts Industrial Networks at Risk·NVDA +3.0%Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know·GOOGL +1.2%CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing·AMZN +2.9%

Vulnerability Disclosure

The latest Vulnerability Disclosure coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 8:42 PM
Latest Most Read Breaking
Sort
Cisa · Nsa

Why a Vulnerability Disclosure Policy Isn't Enough: CISA and NSA Demand Full Programs

On July 15, CISA, the National Security Agency, and international cybersecurity partners released joint guidance pushing software makers to move beyond superficial vulnerability disclosure policies...

Advertisement
File Explorer · Patch Management

Microsoft’s January 2026 Update Fixes Explorer Vulnerability That Leaks Credentials

Microsoft’s January 2026 security release plugs a hole in Windows File Explorer that could inadvertently hand attackers the keys they need to move deeper into a network. The vulnerability, tracked...

SE Security Desk·26w ago
Automation · Cisa

Delta DIALink Patch: Critical 10.0 Vulnerability Puts Industrial Networks at Risk

Delta Electronics released an urgent security update for its DIALink industrial automation server this week, fixing two path traversal vulnerabilities that collectively enable remote attackers to...

SE Security Desk·43w ago
Cve-2025-53801 · Dwm Core Library

Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know

Microsoft has patched a serious local privilege escalation vulnerability in the Windows Desktop Window Manager (DWM) Core Library, tracked as CVE-2025-53801, that could allow an attacker with a basic...

SE Security Desk·44w ago
Applocker · Asr

CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing

Microsoft has released a security update for a critical out-of-bounds read vulnerability in Excel that could allow remote code execution—but the patch is not yet available for Mac users. Tracked as...

SE Security Desk·44w ago
Configuration Exports · Cve-2025-40752

Siemens Energy Meters Exposed: Cleartext SMTP Passwords Threaten Utility Networks

Siemens has confirmed that multiple models in its SICAM Q100 and Q200 power meter families store SMTP account passwords in plaintext, a design flaw that lets any authenticated local user extract...

SE Security Desk·48w ago
Cleartext Credentials · Cve

Sante PACS Server Flaws Chain Path Traversal, Double-Free, XSS—Patch Urged as Advisories Clash

Security researchers have disclosed a quartet of vulnerabilities in Sante PACS Server, a medical imaging platform deployed across clinics and hospitals, that combine to create a near-critical risk of...

SE Security Desk·48w ago
Browser Issues · Browser Patch

CVE-2025-8579: Google Patches Critical Gemini Live Flaw—Edge Users Must Update Too

CVE-2025-8579, a critical security flaw in Google Chrome's Gemini Live feature, has been patched after four months of quiet danger. The vulnerability, reported by researcher Alesandro Ortiz on April...

AI AI & Copilot Desk·49w ago
Authentication Flaws · Broadcast Industry

Critical Authentication Bypass in Burk ARC Solo Exposes Broadcast Systems to Remote Takeover

A critical vulnerability in Burk Technology's ARC Solo remote site controller allows attackers to change the device password without any credentials, enabling full device takeover and raising alarms...

SE Security Desk·49w ago