Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

The Hacker News by The Hacker News
January 8, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 08, 2026Ravie LakshmananVulnerability / KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerabilities are listed below –

  • CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code by means of memory corruption
  • CVE-2025-37164 (CVSS score: 10.0) – A code injection vulnerability in HPW OneView that allows a remote unauthenticated user to perform remote code execution

Details of CVE-2025-37164 emerged last month when HPE said the vulnerability impacts all versions of the software prior to version 11.00. The company also made available hotfixes for OneView versions 5.20 through 10.

Cybersecurity

The scope and source of the attacks targeting the two flaws is presently unclear, and there appear to be no public reports referencing their exploitation in the wild. However, a report from eSentire on December 23, 2025, revealed the release of a detailed proof-of-concept (PoC) exploit for CVE-2025-37164.

“Public availability of PoC exploit code significantly increases the risk to organizations running affected versions of the application,” eSentire said. “As the vulnerability impacts all versions prior to 11.0, organizations are strongly advised to apply the required updates to mitigate the potential risk of exploitation.”

Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by January 28, 2026, to secure their networks against active threats.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Recommended.

Supercharging Connectivity: Brightspeed Business Launches New 5 Gig Fiber

Supercharging Connectivity: Brightspeed Business Launches New 5 Gig Fiber

May 19, 2026
Huawei dévoile une solution AI WAN améliorée dotée d’une architecture centrée sur l’IA pour stimuler la croissance des opérateurs

Huawei dévoile une solution AI WAN améliorée dotée d’une architecture centrée sur l’IA pour stimuler la croissance des opérateurs

October 18, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio