A new zero-day vulnerability, CVE-2025-26633, has been identified in Microsoft Windows, particularly affecting the Windows MMC. Cybercriminals, reportedly linked to at least six nation-states, are exploiting this flaw for espionage and data theft, including cryptocurrency. Trend Micro researchers have highlighted the seriousness of the situation, noting that the vulnerability is part of an active campaign. In response, Microsoft has issued an unofficial patch to address the issue. Additionally, VMware has patched an authentication bypass flaw in its Windows Tools Suite, which has been exploited by a Russian ransomware gang prior to the patch's release. Broadcom’s VMware has also accused Siemens of pirating thousands of copies of its software, further complicating the security landscape for users of these technologies.