Live
ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers·MSFT +0.1%Microsoft Edge Canary Upgrades Scareware Blocker with Default-On Scam Site Blocking and URL Sharing·NVDA +3.0%Patch Tuesday Deluge: Digest Auth RCE (CVE-2025-21294) Puts IIS Servers at Risk·GOOGL +1.2%Preferred Sources: Google’s New Top Stories Control Arrives as Windows Publishers Grapple with AI Volatility·AMZN +2.9%Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers·MSFT +0.1%Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks·NVDA +3.0%Microsoft Patches Critical RCE Flaw in IIS Web Deploy – CVE-2025-53772 Threatens Exposed Servers·GOOGL +1.2%New XSS Vulnerability in Dynamics 365 On-Premises Allows Spoofing Attacks – Patch Now·AMZN +2.9%ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers·MSFT +0.1%Microsoft Edge Canary Upgrades Scareware Blocker with Default-On Scam Site Blocking and URL Sharing·NVDA +3.0%Patch Tuesday Deluge: Digest Auth RCE (CVE-2025-21294) Puts IIS Servers at Risk·GOOGL +1.2%Preferred Sources: Google’s New Top Stories Control Arrives as Windows Publishers Grapple with AI Volatility·AMZN +2.9%Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers·MSFT +0.1%Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks·NVDA +3.0%Microsoft Patches Critical RCE Flaw in IIS Web Deploy – CVE-2025-53772 Threatens Exposed Servers·GOOGL +1.2%New XSS Vulnerability in Dynamics 365 On-Premises Allows Spoofing Attacks – Patch Now·AMZN +2.9%

Web Security

The latest Web Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 3:59 AM
Latest Most Read Breaking
Sort
Backdoor · C2

ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers

In June 2025, ESET researchers unearthed a previously unknown threat actor they call GhostRedirector, which had compromised at least 65 Windows servers around the globe. The attackers deployed two...

Advertisement
Browser Security · Chrome

Urgent Chrome 139.0.7258.127 Update Closes V8 Race Condition (CVE-2025-8880) — Patch Now for Windows, Edge, and Chromium Browsers

On August 12, 2025, Google rushed out Chrome 139.0.7258.127 with an urgent fix for CVE-2025-8880 — a high-severity race condition in the V8 JavaScript engine that could hand remote attackers the...

SE Security Desk·48w ago
Cisa · Container Security

Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks

A cascade of five newly disclosed vulnerabilities in Siemens' SINEC Traffic Analyzer—a network monitoring tool deployed across utilities, manufacturing, and energy sectors—enables attackers to...

SE Security Desk·48w ago
Access Control · Authentication

Microsoft Patches Critical RCE Flaw in IIS Web Deploy – CVE-2025-53772 Threatens Exposed Servers

Microsoft has issued a high-priority security advisory for a deserialization vulnerability in its Web Deploy tool that could give authenticated attackers the ability to execute arbitrary code on...

SE Security Desk·48w ago
Crm Security · Cross-site Scripting

New XSS Vulnerability in Dynamics 365 On-Premises Allows Spoofing Attacks – Patch Now

Microsoft has assigned CVE-2025-49745 to a cross‑site scripting (XSS) vulnerability affecting on‑premises deployments of Dynamics 365, warning that improper input neutralization during web page...

SE Security Desk·48w ago
Browser Exploits · Browser Patch

Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out

A serious security vulnerability in the Chromium engine’s Picture-in-Picture (PiP) feature is being urgently patched by Google and Microsoft, affecting millions of users of Chrome, Edge, and other...

SE Security Desk·49w ago
Browser Security · Chrome

Chrome 139 Patches UI Spoofing Flaw That Tricks Users Into Giving Away Permissions—Edge Users Are Protected Too

Google has shipped a critical security fix for Chrome that plugs a user interface spoofing hole attackers could use to trick people into giving websites access to their camera, microphone, or...

SE Security Desk·49w ago
Browser Security · Chrome

CVE-2025-8581: The Low-Risk Chrome Extension Bug That Still Requires an Immediate Update on Edge and Chrome

Google has patched a security vulnerability in Chrome’s Extensions framework that could have allowed attackers to siphon sensitive cross-origin data from unsuspecting users. Tracked as...

SE Security Desk·49w ago
Browser Security · Chrome

CVE-2025-8578: Chrome Cast Vulnerability Sparks Urgent Updates for Chrome and Edge

A critical use-after-free vulnerability in Google Chrome’s Cast component, tracked as CVE-2025-8578, has been patched by both Google and Microsoft, after researchers confirmed that attackers could...

SE Security Desk·49w ago