hp (hp) News Articles

RondoDox botnet exploits HPE OneView vulnerability on a massive scale

RondoDox botnet launches massive attack campaign on HPE OneView vulnerability. Check Point blocks 40,000 attempts, CISA warns.

3 weeks ago

RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave

Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet

3 weeks ago

Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability

Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The exploitation campaign is attributed to the RondoDox botnet and escalated rapidly to tens of thousands of automated attack attempts. Check Poin...

3 weeks ago

CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw

If your office uses Hewlett Packard Enterprise (HPE) OneView to manage its servers and networking, you need to check your software version immediately. A major security flaw has been discovered that enables...

3 weeks ago

CISA warns of active attacks on HPE OneView and legacy PowerPoint

Two actively exploited flaws—one brand new, one 16 years old—have been added to CISA’s KEV catalog, signaling urgent patching.

4 weeks ago

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) - Help Net Security

A RCE vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView was added to CISA's Known Exploited Vulnerabilities catalog.

4 weeks ago

CISA flags exploited Office relic alongside fresh HPE flaw

CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in Microsoft...

4 weeks ago

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog.

4 weeks ago

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog.

4 weeks ago

CISA tags max severity HPE OneView flaw as actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks.

1 month ago

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA adds two vulnerabilities affecting Microsoft Office and HPE OneView to its KEV list, urging agencies to patch by January 28, 2026.

1 month ago

Critical HPE OneView Vulnerability Exploited in Attacks

CISA warns that CVE-2025-37164, a maximum-severity HPE OneView vulnerability leading to remote code execution, has been exploited in the wild.

1 month ago

Critical HPE OneView Vulnerability Exploited in Attacks

CISA warns that CVE-2025-37164, a maximum-severity HPE OneView vulnerability leading to remote code execution, has been exploited in the wild.

1 month ago

PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution

Researchers released a PoC exploit for a critical HPE OneView flaw that lets attackers run malicious code remotely without authentication.

HPE OneView RCE Vulnerability Exploited via Newly Released PoC

A critical security flaw in HPE OneView is currently at high risk of exploitation following the release of a technical analysis and Proof-of-Concept (PoC) code.

Critical HPE OneView bug triggers alarm bells

HPE has pushed an emergency hotfix for a critical CVSS 10 bug in its IT infrastructure management software OneView – allocated CVE-2025-37164.

HPE warns of maximum severity RCE flaw in OneView software

Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely.

HPE OneView Vulnerability CVE-2025-37164: Critical Security Update Required

HPE OneView critical vulnerability CVE-2025-37164 with CVSS score of 10.0. Learn more about the bug and how to update your system to prevent cyber attacks.

HPE Alerts to Aruba Hardcoded Credential Flaws Allowing Auth Bypass

The vulnerabilities, identified as CVE-2025-37103 and CVE-2025-37102, affect devices running software version 3.2.0.1 and below

A critical flaw found in popular HPE Aruba Wi-Fi devices

HPE has issued a warning regarding hardcoded credentials within Aruba Instant On Access Points, which could enable remote attackers to gain administrative

HPE warns of hardcoded passwords in Aruba access points

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

Critical CVE-2025-37093 Hits HPE StoreOnce Systems

HPE warns of critical CVE-2025-37093 in StoreOnce software. Vulnerability allows remote access. Patch to version 4.3.11 or later urged for all users.

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

HPE patches 8 StoreOnce flaws, including CVE-2025-37093, risking RCE and auth bypass—users must update now

HPE Remote Support Tool Vulnerability Let Attackers Execute Arbitrary code - PoC Released

A newly disclosed vulnerability in Hewlett Packard Enterprise's (HPE) Insight Remote Support tool enables unauthenticated attackers to execute arbitrary code on vulnerable systems, with proof-of-concept (PoC) exploit code now publicly available.