This week's threat intelligence roundup covers Microsoft Edge's plaintext password exposure in process memory, new industrial control system zero-days, and US officials considering dramatically shorter patch deadlines for critical government infrastructure.
Microsoft Edge Stores Passwords in Plaintext
A security researcher revealed that Microsoft Edge decrypts every saved credential at startup and keeps them resident in process memory — even if you never visit a site that uses those credentials.
An attacker with administrative privileges can access Microsoft Edge user passwords by creating a memory dump of Edge's "browser" sub-task via the Windows Task Manager. The credentials are stored in cleartext in process memory.
Researcher Tom Jøran Sønstebyseter Rønning noted the irony: "When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory. This happens even if you never visit a site that uses those credentials. At the same time, Edge requires you to re-authenticate before showing those same passwords in the Password Manager UI — yet the browser process already has them all in plaintext."
Edge is the only Chromium-based browser that exhibits this behavior. Microsoft has described it as by design, intended to speed up the sign-in process.
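For defenders, the dump path described above leaves endpoint telemetry behind. The following is an added example, not code from the researcher or from Microsoft: it flags Sysmon-style FileCreate (Event ID 11) and ProcessAccess (Event ID 10) records that point at a memory dump or memory read of msedge.exe. The event dictionaries, user name and file paths are constructed samples, and the dump file name pattern is an assumption to tune for your environment.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

PROCESS_VM_READ = 0x0010  # Windows access right required to read another process's memory
EDGE = "msedge.exe"
# Assumption: a dump of Edge is written as msedge*.dmp (e.g. "msedge.DMP", "msedge (2).DMP")
DUMP_NAME = re.compile(r"^msedge.*\.dmp$", re.IGNORECASE)

def classify(event):
    """Return a finding string for one Sysmon-style event dict, or None if benign."""
    eid = event.get("EventID")
    if eid == 11:  # FileCreate: a dump file named after Edge was written
        if DUMP_NAME.match(basename(event.get("TargetFilename", ""))):
            return "edge-dump-file:" + basename(event.get("Image", "")).lower()
    elif eid == 10:  # ProcessAccess: a non-Edge process opened Edge with read access
        target = basename(event.get("TargetImage", "")).lower()
        source = basename(event.get("SourceImage", "")).lower()
        access = int(event.get("GrantedAccess", "0x0"), 16)
        # Edge's own child processes open the browser process routinely, so skip them
        if target == EDGE and source != EDGE and access & PROCESS_VM_READ:
            return "edge-memory-read:" + source
    return None

def scan(events):
    """Return findings for every event that matches a rule, in input order."""
    return [finding for finding in map(classify, events) if finding]

EDGE_PATH = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed sample events for illustration only
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\Taskmgr.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\msedge.DMP"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": EDGE_PATH, "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": EDGE_PATH,
     "TargetImage": EDGE_PATH, "GrantedAccess": "0x1410"},
    {"EventID": 11, "Image": EDGE_PATH,
     "TargetFilename": r"C:\Users\alice\Downloads\report.pdf"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The ProcessAccess rule will also match endpoint protection and other legitimate tooling that reads browser memory, so it needs an allow-list of expected source images before it is used for alerting.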
ICS Zero-Days Under Active Exploitation
Multiple new zero-day vulnerabilities affecting industrial control systems (ICS) are being actively exploited in the wild. These vulnerabilities target operational technology environments, which often run legacy systems that cannot be quickly patched.
Organizations operating critical infrastructure should immediately implement network segmentation between IT and OT environments and deploy anomaly detection on industrial protocols.
Shorter Patch Deadlines Under Consideration
U.S. cybersecurity officials are considering sharply shorter deadlines for fixing critical flaws in government IT systems, amid concerns that bad actors could exploit them using artificial intelligence tools. AI-accelerated exploitation is eroding the traditional assumption that organizations have weeks or months to patch newly disclosed vulnerabilities.
The proposed changes would significantly compress remediation windows, particularly for vulnerabilities in internet-facing systems and critical infrastructure components.