Cambium DARPA contract and Netskope Microsoft integrations highlight November 2025 developments - Week of November 17, 2025

Overview of Recent Activity

Cambium secured a contract from DARPA to develop AI-driven polymer composites focused on bio-enabled materials for performance applications. Netskope expanded Cloud Access Security Broker (CASB) Application Programming Interface (API) support to cover Microsoft 365 Copilot, enhancing data security and policy enforcement. Eviden extended its contract to manage Switzerland's emergency notification system Polyalert through 2031. Mplify positioned Network as a Service as essential to Artificial Intelligence (AI) infrastructure at GNE 2025, emphasizing agentic AI connectivity. Several industrial control systems advisories were issued by CISA, including vulnerabilities in Schneider Electric and Shelly products. Emerson and Rockwell Automation disclosed vulnerabilities in their respective products, with mitigation recommendations provided. Other developments include Fibocom's launch of an AI Dongle for edge AI, Gilat's orders for power amplifiers supporting LEO Constellation (Low Earth Orbit) (LEO) constellations, and a partnership between Delta and Siemens to enhance data center power solutions. Advances in SONiC testing, security enhancements, and network telemetry AI were also reported.

Key Themes and Developments

Technology Releases & Product Enhancements

Cambium undertook an AI initiative to identify novel bio-enabled polymer composites, targeting materials that can replace structural titanium by using Generative AI (GenAI) to balance thermal stability and mechanical strength. Fibocom introduced an AI Dongle device providing mobile AI computing for edge applications such as process control systems and Network Attached Storage (NAS). Netskope released CASB API support for Microsoft 365 Copilot, enabling data security administrators to monitor Copilot usage, enforce Data Loss Prevention (DLP) policies, and provide threat protection across endpoints and cloud environments. Gilat received orders surpassing $6 million for Gateway Solid State Power Amplifiers designed to support Low Earth Orbit satellite constellations, with deliveries scheduled over the next year. SONiC deployments benefited from the Fabric Test Automation Suite (FTAS), facilitating standardized, automated testing across multi-vendor switches. ONES enhanced SONiC security via layered approaches including mutual Transport Layer Security (TLS), Role-Based Access Control (RBAC), and continuous telemetry monitoring to detect vulnerabilities and support compliance.

Emerson reported a stack-based buffer overflow vulnerability impacting Appleton UPSMON-PRO, recommending product replacement or specific network mitigations. Rockwell Automation addressed an incorrect authorization vulnerability in Verve Asset Manager by releasing versions 1.41.4 and 1.42. AVEVA Edge versions through 2023 R2 were found susceptible to brute-force password attacks due to weak cryptographic algorithms; patches and updated password hashing were advised. A vulnerability in the expr-eval JavaScript library was disclosed, potentially allowing arbitrary code execution through malicious input, with patches available. Shelly Pro 3EM devices exhibited an out-of-bounds read vulnerability potentially causing Denial of Service (DoS), with mitigation instructions provided although vendor coordination was not reported.

Partnerships & Ecosystem Engagement

Rafay Systems partnered with Aviz Networks to deliver integrated Graphics Processing Unit (GPU) cloud orchestration combining Kubernetes lifecycle management with AI-optimized fabric orchestration and tenant-aware networking. This collaboration enables rapid deployment of multi-tenant AI fabrics with self-service workflows and Full Stack Observability (FSO). Delta and Siemens Smart Infrastructure formalized a global partnership to provide prefabricated modular power solutions for data center infrastructure, targeting hyperscale and colocation operators. The joint effort aims to reduce construction time, minimize capital expenses, and improve energy efficiency across AI and cloud computing markets.

Mplify, formerly Model Evaluation Framework (MEF), convened the Global Network as a Service Event (GNE 2025), highlighting Network as a Service (NaaS) as the foundational network fabric for agentic AI architectures. The alliance underscored the importance of certified, automated, and federated networks for continuous, distributed AI reasoning. Presentations emphasized evolving network architecture requirements and the role of Lifecycle Service Orchestration (LSO) APIs for interoperability among providers.

Infrastructure, Platform, or Deployment Updates

Eviden secured an extension to manage the Polyalert nationwide emergency alert system in Switzerland through 2031 with provisions to extend to 2035. The contract includes operational support, modernization efforts, and alignment with cyber-security requirements. Polyalert integrates multiple channels, sirens, and mobile applications for critical incident communications. Gilat Satellite Networks reported substantial orders for solid-state power amplifiers to support Low Earth Orbit satellite constellation gateways, indicating ongoing deployment activities over the coming year.

Additional Updates from Other Organizations

CISA issued multiple advisories concerning vulnerabilities in industrial control systems, covering Schneider Electric EcoStruxure platforms, Shelly smart switches, METZ CONNECT equipment, and Schneider Electric PowerChute Serial Shutdown. The advisories detailed technical specifics, risk evaluations, and mitigation guidance including software updates and network security best practices. CISA also added CVE-2025-58034, related to Fortinet FortiWeb, to its Known Exploited Vulnerabilities (KEV) Catalog and issued alerts regarding exploitation risks, encouraging prioritized remediation.

Fortinet released security advisories addressing a relative path traversal vulnerability in FortiWeb Web Application Firewall (WAF) products that allows unauthenticated administrative command execution via crafted HTTP(S) requests. Fortinet provided version updates and recommended disabling external HTTP/HTTPS interfaces where upgrades are not feasible. Aviz Networks published discussions on the cost benefits of 400GbE network infrastructure and advanced Deep Packet Inspection (DPI) through user-defined filtering for enterprises, highlighting technology and operational considerations. Netskope additionally announced enhancements to the Microsoft security framework, integrating DLP and threat protection capabilities across Microsoft cloud services including Entra Suite and Microsoft Purview.

Full Update Index

Details are drawn from articles covering AI-driven polymer development by Cambium, cybersecurity advisories from CISA, Netskope’s Microsoft integrations, Eviden’s Polyalert contract, Mplify’s Network as a Service (NaaS) focus at GNE 2025, Rafay and Aviz’s GPU cloud orchestration partnership, Delta and Siemens data center collaboration, vulnerabilities in Emerson and Rockwell products, Fibocom’s AI Dongle release, Gilat Satellite Networks’ orders for Satellite Communications (Satcom) equipment, AVEVA Edge cryptographic vulnerability, and Fortinet FortiWeb security updates.

1. Cambium Receives Contract from DARPA to Develop AI-Driven Polymer Composites
   Cambium has secured a contract with DARPA to develop foundational materials AI capabilities aimed at discovering novel bio-enabled polymer composites.
2. Schneider Electric PowerChute Serial Shutdown
   Schneider Electric disclosed vulnerabilities in PowerChute Serial Shutdown versions 1.3 and prior, rated Common Vulnerability Scoring System (CVSS) 7.8. Issues include path traversal, excessive authentication attempts, and incorrect permissions. Users should upgrade to version 1.4 to mitigate risks. CISA recommends several defensive measures.
3. CISA Issues Six Advisories on Industrial Control Systems Vulnerabilities
   CISA issued six new Industrial Control Systems Advisories detailing vulnerabilities and exploits related to various ICS products. The advisories include information on products from Schneider Electric and Shelly, among others. Users and administrators are advised to review these advisories for technical details and mitigations.
4. Netskope Extends CASB API Support for Microsoft 365 Copilot
   Netskope recently announced CASB API support for Microsoft 365 (M365) Copilot, allowing data security admins to connect and enforce DLP policies.
5. Eviden secures contract extension to manage Polyalert system in Switzerland
   Eviden has received a contract extension from the Swiss Federal Office for Civil Protection to manage the Polyalert system, ensuring continuous modernization and compliance until 2031. This system is crucial for emergency notifications in Switzerland, operational since 2016, leveraging advanced methodologies for public safety.
6. Mplify positions NaaS as core to AI infrastructure at GNE 2025
   GNE 2025 discusses how Mplify standards are powering the network fabric of the AI Edge Resource Allocator (ERA). NaaS is positioned as the core of AI infrastructure.
7. CISA Issues Six Advisories on Industrial Control Systems Vulnerabilities
   CISA has issued six advisories regarding vulnerabilities in various Industrial Control Systems (ICS), including products from Schneider Electric and Shelly. Users are advised to review these advisories for technical details and mitigation strategies.
8. Mavenir to Deliver Corporate Update and AI Vision at Annual Global Analyst Event
   Mavenir's upcoming annual analyst event on November 19-20, 2025, will showcase its strategies for AI-driven autonomous networks.
9. Emerson Appleton UPSMON-PRO Vulnerability Discovered
   Emerson's Appleton UPSMON-PRO is vulnerable to a stack-based buffer overflow that can allow remote code execution. The product is end-of-life, and users are advised to replace or implement specific mitigations to protect their systems. Recommended actions include blocking User Datagram Protocol (UDP) port 2601 and isolating monitoring networks.
10. Vulnerability in expr-eval JavaScript Library Can Lead to Arbitrary Code Execution
    A vulnerability in the Network Performance Monitor (NPM) package expr-eval could allow attackers to execute arbitrary code through manipulated input.
11. Rafay Systems and Aviz Networks Partner for GPU Cloud Orchestration
    Rafay Systems and Aviz Networks announce strategic partnership to deliver full-stack GPU cloud orchestration with AI-ready networking, enabling enterprises and GPU cloud providers to rapidly deploy multi-tenant AI fabrics with self-service workflows.
12. AVEVA Edge Vulnerability Exposes Passwords to Brute-Force Attacks
    AVEVA Edge versions 2023 R2 and prior are affected by a vulnerability allowing local attackers to brute-force passwords.
13. Fibocom Unveils AI Dongle for Edge AI Applications
    Fibocom has launched an AI Dongle, a compact device that enhances edge AI computing for various personal and business applications.
14. Gilat Receives More Than $6 Million in Orders to Support Low Earth Orbit Constellations
    Gilat Satellite Networks has received over $6 million in orders for its high-efficiency Solid State Power Amplifiers to support Low Earth Orbit constellations. The orders highlight the strong demand for the company’s technology, with deliveries scheduled over the next 12 months.
15. Netskope Enhances Microsoft Security Framework
    Netskope’s latest updates enhance Microsoft security, optimizing investments in Purview and Copilot, while providing strong data protection.
16. Aviz Networks Discusses 40% Total Cost of Ownership (TCO) Savings with 400GbE Network Infrastructure
    Aviz Networks explores how transitioning to 400GbE network infrastructure can result in significant TCO savings through SONiC adoption.
17. Delta and Siemens form partnership to enhance data center solutions
    Delta and Siemens have formalized a global partnership to provide prefabricated, modular power solutions aimed at enhancing data center deployment efficiency and sustainability. This collaboration targets operators in the competitive AI and cloud computing sectors, emphasizing reduced costs and carbon emissions.
18. Fabric Test Automation Suite (FTAS) Standardizes Multi-Vendor SONiC Testing
    The Fabric Test Automation Suite (FTAS) streamlines quality testing for multi-vendor SONiC deployments by utilizing SONiC's Command-Line Interface (CLI).
19. Rockwell Automation Addresses Verve Asset Manager Vulnerability
    Rockwell Automation's Verve Asset Manager has a vulnerability, CVE-2025-11862, identified as incorrect authorization, affecting multiple versions. Users are advised to update to versions 1.41.4 and 1.42. CISA recommends defensive measures to reduce exploitation risks.
20. Deep Packet Inspection through User Defined Filtering (UDF) with Aviz OPB
    A recent blog post discusses the value of Deep Packet Inspection for enterprises, emphasizing its precision in monitoring network traffic.
21. Shelly Pro 3EM Vulnerability Report Details CVSS v4 Score of 8.3
    The report details a vulnerability in the Shelly Pro 3EM smart DIN rail switch, indicating a CVSS v4 score of 8.3 due to potential DoS conditions. Mitigation recommendations include securing network exposure and employing firewalls and VPNs. No public exploitation has been reported.
22. AI Enhancements in Network Telemetry for IT Leaders
    AI is positioned to enhance network telemetry, moving beyond basic applications to provide deeper insights and optimize performance for IT leaders.
23. CISA issues alert on Fortinet FortiWeb path traversal vulnerability
    CISA reported exploitation of CVE-2025-64446, a relative path traversal vulnerability in Fortinet FortiWeb versions between 7.0.0 and 8.0.1. The flaw allows unauthenticated actors to execute administrative commands via crafted HTTP(S) requests. Fortinet advises upgrading to specified fixed versions or disabling HTTP/HTTPS for external interfaces.
24. CISA Adds CVE-2025-58034 to KEV Catalog
    CISA has added a new vulnerability to its KEV Catalog, specifically CVE-2025-58034 affecting Fortinet's FortiWeb products. The advisory urges organizations to prioritize remediation to mitigate risks associated with cyber threats.
25. ONES Enhances Security for SONiC Deployments with Layered Strategies
    Promotion of enterprise security is underscored in a guide focusing on ONES, which enhances SONiC deployments through a layered security approach.