#enterprise-security

A widely used VMware vCenter Server flaw is now confirmed under real-world attack, raising immediate risk for government and enterprise environments.

Source: CISA

A critical SmarterMail flaw allows unauthenticated attackers to execute remote commands by abusing the ConnectToHub API.

Source: VulnCheck

Security leaders warn that fast-growing AI agents inside organisations could be misused like trusted insiders, with broad access creating fresh opportunities for abuse.

Source: The Register

Google tracked 90 zero-days exploited in 2025, and for the first time ever, commercial surveillance vendors were responsible for more attributed zero-day attacks than traditional state-sponsored espionage groups.

Source: Google Threat Intelligence Group

Ivanti released patches for Endpoint Manager vulnerabilities including a high-severity authentication bypass and SQL injection, closing loopholes for credential theft and database compromise.

Source: SecurityWeek

A critical FortiClientEMS vulnerability enabled remote attackers to execute commands through the web interface before patches resolved the exposure.

Source: Arctic Wolf

SolarWinds patched serious Web Help Desk flaws that could have enabled unauthorised access and remote command execution.

Source: Arctic Wolf