Linux Kernel Vulnerabilities
The latest Linux Kernel Vulnerabilities coverage — news, analysis, and updates from the WindowsNews.AI desk.
Urgent: CISA Adds Four Lantronix and Ubiquiti Vulnerabilities to Must-Patch List – Windows Networks at Risk
CISA added four actively exploited vulnerabilities affecting Lantronix EDS5000 device servers and Ubiquiti UniFi OS devices to its Known Exploited Vulnerabilities Catalog on June 23, 2026. The alert demands immediate patching, as attackers are already using these flaws to infiltrate networks—often pivoting from neglected appliances into Windows environments. Windows administrators must locate, patch, and segment these devices now to prevent credential theft, lateral movement, and ransomware.
Windows Security Locks Down Client Trust: Meet the CISOs Defending America's Accounting Firms
As cyber threats escalate, accounting firms are appointing seasoned CISOs to protect sensitive financial data. This article profiles leaders such as Jim Nagata, Amy Bogac, and Steve Jackson, who leverage Windows-powered security ecosystems to defend client trust, achieve compliance, and report risks to their boards.
Microsoft Ships KB5095615 Dynamic Update to Fortify WinRE Across Windows 11 24H2 and 25H2
Microsoft has published KB5095615, a Safe OS Dynamic Update for Windows 11 24H2 and the upcoming 25H2, that updates the Windows Recovery Environment with security hardening, driver refreshes, and Secure Boot enhancements. The update supersedes a previous WinRE package and reaches devices during feature updates or via offline servicing, underlining Microsoft's heightened focus on pre‑boot security. Admins should validate and deploy the update to ensure recovery tools stay aligned with the latest OS patches.
Microsoft Pushes KB5095186 to Windows 11 26H1 Recovery Environment Without a Reboot
Microsoft released KB5095186, a Safe OS Dynamic Update for Windows 11 version 26H1, on June 23, 2026. The update refreshes the Windows Recovery Environment without requiring a restart, providing a one-way, verified enhancement to the recovery partition that improves reliability and security during system failures.
Lazarus Group Targets Executives with Fake Zoom, Teams Invites—MacOS Malware Campaign Holds Lessons for Windows Users
North Korea’s Lazarus Group has launched a macOS-focused campaign using fake Zoom, Teams, and Google Meet invitations to trick crypto executives into pasting malicious Terminal commands. While the malware is macOS-specific, the social engineering technique poses a cross-platform risk, particularly for Windows users who could be targeted with similar PowerShell or Command Prompt lures.
Siemens Issues Patch for SINEC INS: Critical Command Injection and Three Other Flaws Fixed
Siemens has released V1.0 SP2 Update 6 for SINEC INS to patch four vulnerabilities, including a critical authenticated command injection flaw (CVE-2026-38421, CVSS 9.8). CISA republished the advisory on June 23, 2026, warning that exploitation could allow remote code execution and compromise industrial network management. The update also fixes path traversal, improper access control, and stored XSS issues.
Siemens OpenSSL CMS Vulnerability Triggers CISA Alert, Windows OT Assets Face High-Severity Threat
CISA has issued an advisory for CVE-2025-15467, a high-severity OpenSSL CMS parsing vulnerability impacting multiple Siemens industrial products. The flaw could allow remote code execution on Windows-based engineering stations and HMI systems within operational technology networks. Siemens and CISA recommend immediate patching, alongside network segmentation and enhanced monitoring to mitigate risks.
CISA Flags Critical Hubbell Aclara Flaw: Unauthenticated Web Access Can Reboot OT Devices
CISA issued an urgent advisory on June 23, 2026, for a critical missing authentication vulnerability (CVE-2026-1840) in Hubbell's Aclara Metrum Cellular Web Interface, allowing unauthenticated attackers to remotely restart OT devices. The flaw affects firmware versions below 2.1.0.105 and poses a severe risk to utility operations. Immediate patching or network segmentation is recommended.
ABB Freelance Security Lock Flaw Lets Attackers Hijack OT Consoles — Patch Now
ABB and CISA disclosed CVE-2025-7064, a high-severity flaw in the Freelance Security Lock that lets authenticated attackers escape the restricted OT console and take full control of the underlying Windows system. Affected versions range from Freelance 2013 to 2024. A patch is available in Freelance 2024 SP1, with mitigations recommended for legacy systems.
CISA Flags Critical Flaw in Siemens SIPROTEC 5 Relays: Authenticated File Upload via DIGSI 5
CISA republished a Siemens advisory on CVE-2025-40808, a high-severity authenticated file-upload vulnerability in many SIPROTEC 5 protection relays via the DIGSI 5 protocol. An attacker with valid credentials can upload arbitrary files, potentially leading to remote code execution and grid disruption. Siemens has released firmware updates, and CISA recommends immediate patching, network segmentation, and strong authentication.
Patch Now: B&R Fixes Linux Kernel Flaws That Threaten OT Networks and Windows Hosts
B&R Industrial Automation's June 2026 advisory warns that multiple Linux kernel flaws allow local privilege escalation in its Linux for B&R 12, X20E controllers, and APROL systems, with Windows hosts also affected due to co‑resident Linux runtimes. Exploiting these bugs could let attackers take full control of critical industrial processes. Immediate patching and cross‑platform coordination are essential.
Siemens Patches Critical WinCC Certificate Manager Vulnerability CVE-2026-24349 with V21 Update 2
Siemens has patched a critical certificate management vulnerability (CVE-2026-24349) in its SIMATIC WinCC Unified PC Runtime software, affecting versions V16 through V21. The flaw could allow remote code execution and certificate spoofing in industrial control systems. Administrators must apply the V21 Update 2 patch immediately and consider certificate rotation.
usbliter8 BootROM Exploit Leaves iPhone XS, XR, 11 Permanently Open to USB Attacks
A new BootROM vulnerability called usbliter8 affects all A12 and A13 iPhones, including the XS, XR, and 11 models. Because it's hardware-based, the flaw is unpatchable via software and allows an attacker with physical USB access to compromise the device. Windows users who connect their iPhones to PCs should understand the risks and take precautions.