The company’s latest security update contains the highest number of Android vulnerabilities patched in a single month since April 2018.

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there.

The average time from intrusion to network movement in 2025 was 29 minutes, a 65% increase in speed from the year prior.

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed.

For 20 years, tech has moved fast and broken things. The result: a cybersecurity crisis built on rushed code and vulnerable software. It's time to replace speed-at-all-costs…

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.