
Cybersecurity Today HPE Open View Vulnerability Hits CISA Known Exploited List
Jan 14, 2026
Discover a massive credit card skimming campaign that's been operating since early 2022. Learn about a critical vulnerability in HPE OneView requiring immediate action. The stealthy ValleyRAT malware poses a serious threat by stealing credentials. A potential zero-click exploit in WhatsApp raises concerns for user safety. Plus, cutting-edge AI advancements are being developed at US National Labs to combat cyber threats. Stay informed on these pressing cybersecurity issues!
AI Snips
Client-Side Skimming Evades Traditional Defenses
- Magecart-style skimmers run in the victim's browser and bypass server logs and many perimeter defenses.
- Jim Love highlights that subtle checkout friction can be the only visible sign of real-time card theft.
Continuously Inspect Checkout Scripts
- Continuously validate the scripts running in production checkout flows rather than only patching servers.
- Jim Love cites SilentPush's findings to urge proactive code inspection for site operators.
High-Severity OneView Bug Raises Urgency
- CVE-2025-37164 in HPE OneView is an unauthenticated RCE scored 10 and listed by CISA as actively exploited.
- Jim Love notes a discrepancy between CISA's listing and HPE/Rapid7 reporting no observed exploitation yet.
