{“lastseen”:”2026-01-08T16:06:59″,”description”:”The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). \\n\\nThe KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploited in the wild, along with deadlines for when they must be patched. In both of these cases, the due date is January 28, 2026.\\n\\nBut CISA alerts are not just for government agencies. They also provide guidance to businesses and end users about which vulnerabilities should be patched first, based on real-world exploitation.\\n\\n## A critical flaw in HPE OneView\\n\\nThe recently found vulnerability, tracked as CVE-2025-37164, carries a CVSS score of 10 out of 10 and allows remote code execution. The flaw affects HPE OneView, a platform used to manage IT infrastructure, and a patch was released on December 17, 2025.\\n\\nThis critical vulnerability allows a remote, unauthenticated attacker to execute code and potentially gain large-scale control over servers, firmware, and lifecycle management. Management platforms like HPE OneView are often deployed deep inside enterprise networks, where they have extensive privileges and limited monitoring because they are trusted.\\n\\nProof of Concept (PoC) code, in the form of a Metasploit module, was made public just one day after the patch was released.\\n\\n## A PowerPoint vulnerability from 2009 resurfaces\\n\\nThe cybersecurity dinosaur here is a vulnerability in Microsoft PowerPoint, tracked as CVE-2009-0556, that dates back more than 15 years. It affects:\\n\\n * Microsoft Office PowerPoint 2000 SP3\\n * PowerPoint 2002 SP3\\n * PowerPoint 2003 SP3\\n * PowerPoint in Microsoft Office 2004 for Mac\\n\\n\\n\\nThe flaw allows remote attackers to execute arbitrary code by tricking a victim into opening a specially crafted PowerPoint file that triggers memory corruption.\\n\\nIn the past, this vulnerability was exploited by malware known as Apptom. CISA rarely adds vulnerabilities to the KEV catalog based on ancient exploits, so the \u201csudden\u201d re\u2011emergence of the 2009 PowerPoint vulnerability suggests attackers are targeting still\u2011deployed legacy Office installs. \\n\\nSuccessful exploitation can allow attackers to run arbitrary code, deploy malware, and establish a foothold for lateral movement inside a network. Unlike the HPE OneView flaw, this attack requires user interaction\u2014the target must open the malicious PowerPoint file.\\n\\n## Stay safe\\n\\nWhen it comes to managing vulnerabilities, prioritizing which patches to apply is an important part of staying safe. So, to make sure you don\u2019t fall victim to exploitation of known vulnerabilities:\\n\\n * Keep an eye on the CISA KEV catalog as a guide of what\u2019s currently under active exploitation.\\n * Update as fast as you can without interrupting daily routine.\\n * Use a real-time up-to-date anti-malware solution to intercept exploits and malware attacks.\\n * Don\u2019t open unsolicited attachments without verifying with the\u2014trusted\u2014sender.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-01-08T14:29:36″,”modified”:”2026-01-08T14:29:36″,”type”:”malwarebytes”,”title”:”CISA warns of active attacks on HPE OneView and legacy PowerPoint”,”source”:””,”references”:””,”id”:”MALWAREBYTES:4C80D8DBF9D944120248F0A2ED6B95C4″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2009-0556″,”CVE-2025-37164″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/01\/cisa-warns-of-active-attacks-on-hpe-oneview-and-legacy-powerpoint”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-08T16:06:59″,”description”:”The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,36,12,115,13,7,11,5],"class_list":["post-34684","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n