POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.
TTPs and telemetry suggest a real focus on zero days and appliances by Chinese APTs.
CVSS 9.8 vulnerability added to CISA "known exploited" catalogue
Pre-auth RCE has been exploited in the wild...
Wait, what? (Patch this one urgently...)