InfoSecBulletin Cybersecurity for mankind
Hewlett Packard Enterprise (HPE) has fixed a critical vulnerability in its OneView software that allowed remote code execution. OneView is HPE’s software for managing infrastructure, helping IT admins streamline server, storage, and network management.
Vietnamese researcher Nguyen Quoc Khanh (brocked200) reported the critical security flaw (CVE-2025-37164) to the company’s security team.
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
All OneView versions prior to v11.00 are vulnerable to exploitation by unauthenticated attackers through simple code injection, allowing remote code execution on unpatched systems.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be exploited, allowing a remote unauthenticated user to perform remote code execution,” HPE warned in a Tuesday advisory.
Admins should patch vulnerable systems for CVE-2025-37164 immediately, as no workarounds or mitigations are available. HPE has not confirmed if this vulnerability has been exploited in attacks. Affected organizations can upgrade to OneView version 11.00 or later via HPE’s Software Center to fix it.
CISA has included a new ASUS vulnerability in its Known Exploited Vulnerabilities catalog, indicating a serious risk for affected users. The flaw, CVE-2025-59374, impacts ASUS Live Update, a tool for firmware and software updates on ASUS devices. The advisory states that some ASUS Live Update clients were compromised with malware due to unauthorized changes in the supply chain.
