Find notable cyber news and cases, enriched with sources, timelines, and signals.

HPE OneView RondoDox exploitation wave (CVE-2025-37164)

Exploitation Wave
First reported
Last updated
Happening score
H score 59
1 unique sources, 1 articles

Summary

Hide ▲

RondoDox has driven a large-scale exploitation wave against HPE OneView by targeting CVE-2025-37164, with activity escalating into automated attacks that created immediate risk for exposed systems. The wave became especially concerning on 7 January 2026, when more than 40,000 attack attempts were recorded in a few hours. The flaw is a critical RCE and has already been added to CISA’s KEV catalog, underscoring the urgency for defenders.

Cases

Related Happenings

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)

Vulnerability
H score43 First: 24.06.2026 20:19 Last: 24.06.2026 20:19 Sources 1

About this happening: **CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...

Everest Forms Pro CVE-2026-3300 active exploitation wave

Exploitation Wave
H score87 First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

About this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
H score9 First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

About this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave
H score18 First: 01.06.2026 11:30 Last: 01.06.2026 11:30 Sources 1

About this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...

Timeline

  1. 16.01.2026 11:15 2 articles · 5mo ago

    HPE OneView RondoDox exploitation wave (CVE-2025-37164)

    Initial Disclosure

    Early activity in **December 2025** consisted of probing and initial exploitation attempts against **HPE OneView**. The campaign then escalated in **January 2026** into **botnet-driven automated exploitation** at scale.

    Show sources