Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well.

Zyxel has patched a critical-severity OS command execution vulnerability that is remotely exploitable via crafted UPnP requests.

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.

Microsoft has implemented and continues to deploy mitigations against prompt injection attacks in Copilot, the company announced last week. Spammers were using the "Summarize with AI" type of buttons ...

The moment an AI system can read internal systems, trigger workflows, move money, send emails, update records or approve actions, the risk profile changes.

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...