A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), identified as CVE-2025-27915, has been exploited in targeted attacks using weaponized iCalendar files. This stored cross-site scripting (XSS) flaw allows attackers to steal sensitive data from victims' email accounts.

A newly patched VMware vulnerability, tracked as CVE-2025-41244, has been exploited as a zero-day for code execution with elevated privileges. The flaw affects VMware Aria Operations and VMware Tools, allowing attackers to escalate privileges to root on managed VMs.

A zero-day vulnerability in Zimbra Collaboration Suite (ZCS) has been exploited by hackers using malicious iCalendar files. The flaw, identified as CVE-2025-27915, allows attackers to execute arbitrary JavaScript and steal sensitive data from Zimbra Webmail.

A new study by Microsoft researchers reveals that generative AI can design genetic sequences capable of producing dangerous toxins, highlighting potential biosecurity risks. The findings suggest that existing safeguards in biotech companies may be insufficient to prevent such threats.

Oracle has issued a critical patch for a zero-day vulnerability in its E-Business Suite, tracked as CVE-2025-61882, which allows unauthenticated remote code execution. The flaw has been actively exploited in data theft attacks by the Clop ransomware gang.