Web Security
The latest Web Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers
In June 2025, ESET researchers unearthed a previously unknown threat actor they call GhostRedirector, which had compromised at least 65 Windows servers around the globe. The attackers deployed two...
Microsoft Edge Canary Upgrades Scareware Blocker with Default-On Scam Site Blocking and URL Sharing
Microsoft has quietly upgraded its experimental Scareware Blocker in Edge Canary to not only interrupt tech-support scams but to block entire scam websites and optionally send detected URLs to...
Patch Tuesday Deluge: Digest Auth RCE (CVE-2025-21294) Puts IIS Servers at Risk
Administrators running Internet-facing Windows IIS servers must immediately disable Digest Authentication to block a newly discovered remote code execution vulnerability, CVE-2025-21294, confirmed by...
Preferred Sources: Google’s New Top Stories Control Arrives as Windows Publishers Grapple with AI Volatility
Google’s rollout of a user-facing “Preferred sources” control for Top Stories on August 12 represents a rare victory for publisher agency in an otherwise volatile search landscape. As ranking...
Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers
On August 12, 2025, Google rushed out Chrome 139.0.7258.127 with an urgent fix for CVE-2025-8880 — a high-severity race condition in the V8 JavaScript engine that could hand remote attackers the...
Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks
A cascade of five newly disclosed vulnerabilities in Siemens' SINEC Traffic Analyzer—a network monitoring tool deployed across utilities, manufacturing, and energy sectors—enables attackers to...
Microsoft Patches Critical RCE Flaw in IIS Web Deploy – CVE-2025-53772 Threatens Exposed Servers
Microsoft has issued a high-priority security advisory for a deserialization vulnerability in its Web Deploy tool that could give authenticated attackers the ability to execute arbitrary code on...
New XSS Vulnerability in Dynamics 365 On-Premises Allows Spoofing Attacks – Patch Now
Microsoft has assigned CVE-2025-49745 to a cross‑site scripting (XSS) vulnerability affecting on‑premises deployments of Dynamics 365, warning that improper input neutralization during web page...
Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out
A serious security vulnerability in the Chromium engine’s Picture-in-Picture (PiP) feature is being urgently patched by Google and Microsoft, affecting millions of users of Chrome, Edge, and other...
Chrome 139 Patches UI Spoofing Flaw That Tricks Users Into Giving Away Permissions—Edge Users Are Protected Too
Google has shipped a critical security fix for Chrome that plugs a user interface spoofing hole attackers could use to trick people into giving websites access to their camera, microphone, or...
CVE-2025-8581: The Low-Risk Chrome Extension Bug That Still Requires an Immediate Update on Edge and Chrome
Google has patched a security vulnerability in Chrome’s Extensions framework that could have allowed attackers to siphon sensitive cross-origin data from unsuspecting users. Tracked as...
CVE-2025-8578: Chrome Cast Vulnerability Sparks Urgent Updates for Chrome and Edge
A critical use-after-free vulnerability in Google Chrome’s Cast component, tracked as CVE-2025-8578, has been patched by both Google and Microsoft, after researchers confirmed that attackers could...