I am signed up to their notification list and there was some security updates released. A kernel update and httpd but I am using the VM bleeding edge repos so httpd didn't update. I guess it would probably mess everything up if it did since I believe their web home directory is in /var/www/html.
Here is the notice: https://rhn.redhat.com/errata/RHSA-2010-0659.html
Related forum post: https://www.virtualmin.com/node/15408#comment-67557