Vulnerability Disclosure
The latest Vulnerability Disclosure coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Vulnerabilities in Schneider Electric's EVLink WallBox Pose Serious Security Risks
Critical Vulnerabilities in Schneider Electric's EVLink WallBox Pose Serious Security Risks Multiple critical security flaws have been identified in all versions of the Schneider Electric EVLink...
Critical Vulnerabilities in Delta CNCSoft Expose Urgent Security Risks in Industrial Automation
Critical Vulnerabilities in Delta CNCSoft Expose Urgent Security Risks in Industrial Automation Taipei, Taiwan - Delta Electronics' CNCSoft software, a key utility for integrating industrial...
Siemens Mendix Studio Pro CVE-2025-40592 Path Traversal Vulnerability: What You Need to Know
Siemens Mendix Studio Pro, a leading low-code development platform, has recently come under scrutiny due to a critical path traversal vulnerability (CVE-2025-40592) that could allow attackers to...
CVE-2025-5310: Unpatched Fuel System Flaw Exposes 150,000+ Sites to Remote Takeover
A newly discovered critical vulnerability (CVE-2025-5310) in Dover Fueling Solutions' ProGauge MagLink LX consoles has sent shockwaves through the global fuel infrastructure sector. This industrial...
Microsoft Secure Boot Vulnerability CVE-2024-28923: What You Need to Know
Microsoft's Secure Boot feature, a critical component of Windows security, has come under scrutiny with the disclosure of CVE-2024-28923. This vulnerability, classified as a "Secure Boot Security...
Aim Labs finds zero-click EchoLeak flaw steals data via Microsoft 365 Copilot
A newly discovered vulnerability in Microsoft 365 Copilot, dubbed EchoLeak, has sent shockwaves through the cybersecurity community. Researchers from Aim Labs uncovered this zero-click attack vector,...
CVE-2025-32454 in Siemens Tecnomatix Plant Simulation demands urgent patching to prevent production disruptions.
Siemens Tecnomatix Plant Simulation has become a cornerstone of modern digital manufacturing, enabling organizations to create precise digital twins of their production environments. This powerful...
EchoLeak Zero-Click Flaw in Microsoft 365 Copilot Exposes Sensitive Data
In January 2025, security researchers at Aim Labs uncovered a critical zero-click vulnerability in Microsoft 365 Copilot AI, designated as CVE-2025-3271 and dubbed "EchoLeak." This flaw allowed...
EchoLeak Zero-Click Flaw Lets Hackers Steal Data via Microsoft 365 Copilot
The emergence of artificial intelligence in the workplace has revolutionized the way organizations handle productivity, collaboration, and data management. Microsoft 365 Copilot—Microsoft’s...
Zero-click EchoLeak flaw in Copilot allows data theft via poisoned prompts
A newly discovered vulnerability in Microsoft Copilot, dubbed EchoLeak (CVE-2025-32711), has exposed a critical flaw in AI-powered productivity tools, allowing attackers to exfiltrate sensitive data...
Critical Windows Task Scheduler Flaw CVE-2025-33067: Risks, Mitigation, and Best Practices
A newly discovered vulnerability in the Windows Task Scheduler, designated as CVE-2025-33067, has sent shockwaves through the cybersecurity community, exposing millions of Windows devices to...
Microsoft patches critical Task Scheduler flaw allowing SYSTEM-level privilege escalation
In early June, cybersecurity professionals and IT administrators were confronted with a newly disclosed vulnerability in a core component of the Windows operating system that has raised significant...