Earlier today a vulnerability was uncovered that might have permitted unauthorized users to manipulate project membership or create or delete VMs within cloud-vps. That issue has since been resolved, and there is currently no evidence that anyone exploited it.
Nevertheless, out of an abundance of caution: if you are a project admin, please review the members and projectadmins of your project. If you see any unknown or untrusted users or unexpected instances, remove them and notify me directly about what you found and what you've done.
Thank you!
-Andrew + the WMCS team