HPE OneView CVE-2025-37164 worth paying attention to

- Widely used enterprise management software

- HPE added a REST command, executeCommand, which requires no authentication to execute commands. Obviously, this is dumb and now patched out

- Being on OneView allows attacker to access VMware, 3PAR storage etc by design

- Expect exploitation in the wild as it's so simple

- The vulnerability (executeCommand) was introduced around 2020, feels like a vulndoor

Shodan dork: product:"HPE OneView"

Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations.

https://www.bleepingcomputer.com/news/security/denmark-blames-russia-for-destructive-cyberattack-on-water-utility/

Suspicions in the crypto community point to AI-supported hackers carrying out a concentrated campaign to steal around $5 million in old and sometimes abandoned DeFi projects.

Is an AI hacker targeting old DeFi projects in $5M spree?

https://protos.com/is-an-ai-hacker-targeting-old-defi-projects-in-5m-spree/

Russia is responsible for destructive and disruptive cyberattacks against Denmark

PDF: https://www.fe-ddis.dk/globalassets/fe/dokumenter/2025/-russia-responsible-for-cyber-attacks-.pdf

Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability.

https://www.bleepingcomputer.com/news/security/over-25-000-forticloud-sso-devices-exposed-to-remote-attacks/