
OneView gives attackers the full tour.
Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table.
Today is Thursday, December 18th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software.
Hewlett Packard Enterprise has released patches for a maximum-severity vulnerability in its OneView infrastructure management software that allows remote code execution by unauthenticated attackers. Tracked as CVE-2025-37164, the flaw affects all OneView versions prior to 11.00 and can be exploited through low-complexity code injection attacks. The issue was reported by Vietnamese security researcher Nguyen Quoc Khanh and disclosed in an HPE advisory warning that no mitigations or workarounds are available. Organizations are urged to patch immediately. HPE says customers can remediate the issue by upgrading to OneView 11.00 or later, or by applying specific security hotfixes for versions 5.20 through 10.20. HPE has not confirmed any active exploitation of the vulnerability.
Cisco warns a critical zero-day is under active exploitation.
Cisco has warned that a China-linked threat group is actively exploiting a critical zero-day, CVE-2025-20393, affecting Cisco AsyncOS-based Secure Email Gateway and Secure Email and Web Manager appliances. The flaw allows unauthenticated attackers to execute commands with root privileges. Cisco Talos discovered the activity and attributed it, with moderate confidence, to a Chinese state-sponsored actor tracked as UAT-9686. The campaign uses multiple backdoors and tunneling tools. No patch or workaround is currently available, and CISA has added the flaw to its Known Exploited Vulnerabilities catalog.
An emergency Chrome update fixes two high-severity vulnerabilities.
Google has released an emergency Chrome update fixing two high-severity vulnerabilities that could allow remote code execution. The flaws include a use-after-free bug in the WebGPU component and out-of-bounds read and write issues in the V8 JavaScript engine, tracked as CVE-2025-14765 and CVE-2025-14766. Google has patched the issues in Chrome version 143.0.7499.146 or later. Users are strongly urged to update immediately, including those running Chromium-based browsers such as Edge, Brave, Opera, and Vivaldi.
French authorities make multiple arrests.
French authorities have arrested a 22-year-old suspect in connection with a cyberattack on France’s Interior Ministry that compromised multiple email accounts and confidential documents. Officials say the breach, claimed on BreachForums, exposed files related to judicial records and wanted persons, with attackers inside the network for several days. No ransom demand was made, and authorities say public safety was not endangered. Prosecutors allege the suspect acted as part of an organized group and note prior convictions for similar offenses.
French authorities have arrested two crew members of an Italian passenger ferry after malware capable of remote access was found aboard the vessel. A Bulgarian national was released without charge, while a Latvian crew member remains detained and faces charges of conspiring to infiltrate computer systems on behalf of a foreign power. The malware was discovered while the ferry was docked in Sète and was neutralized without impact. Officials say the investigation involves suspected foreign interference and is ongoing in coordination with Italian authorities.
US authorities dismantle an unlicensed crypto exchange accused of money laundering.
US authorities have dismantled E-Note, an unlicensed cryptocurrency exchange accused of laundering more than $70 million in illicit proceeds for cybercriminals. The FBI, working with European and US partners, seized servers, domains, and apps used by the service, which allegedly helped ransomware groups and other criminals convert stolen cryptocurrency into harder-to-trace assets. Prosecutors unsealed charges against 39-year-old Russian national Mykhalio Petrovich Chudnovets, accused of operating E-Note and offering laundering services for over a decade. He faces up to 20 years in prison if convicted and remains at large. Officials say the takedown targets the financial infrastructure that enables cybercrime, not just individual attackers.
SonicWall highlights an exploited zero-day.
SonicWall has warned that attackers are exploiting a zero-day vulnerability in the Secure Mobile Access 1000 appliance management console. Tracked as CVE-2025-40602, the medium-severity flaw allows local privilege escalation and has been used alongside a previously disclosed bug to achieve unauthenticated remote code execution with root privileges. The issue has been patched in recent hotfixes, and CISA has added it to the Known Exploited Vulnerabilities catalog, urging rapid remediation and mitigations where patching is delayed.
Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components.
The inaugural Zeroday Cloud hacking competition in London awarded researchers $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. Hosted by Wiz Research with Amazon Web Services, Microsoft, and Google Cloud, the event focused exclusively on cloud systems. Across 13 sessions, researchers succeeded in 85% of attempts, uncovering 11 zero-day vulnerabilities. Day one awards totaled $200,000 for exploits targeting Redis, PostgreSQL, Grafana, and the Linux kernel, including a container escape flaw that broke cloud tenant isolation. Day two added $120,000 for database exploits involving Redis, PostgreSQL, and MariaDB. Team Xint Code won the competition with three successful exploits, earning $90,000. Despite the results, most of the $4.5 million prize pool went unclaimed, with no successful exploits against Kubernetes, Docker, major web servers, or AI targets.
A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data.
Sen. Ron Wyden of Oregon is urging U.S. electronic health record vendors to give patients greater control over who can access their medical data, framing the issue as both a privacy and national security concern. His push comes as regulators more aggressively enforce data interoperability rules under the 21st Century Cures Act, which aim to improve data sharing while allowing exceptions for privacy and cybersecurity. Wyden contacted 10 major EHR vendors, calling for “direct control” features for patients. He warned that widespread data sharing increases risks of misuse, citing past Defense Department findings. Epic responded that it is developing new MyChart features to let patients opt out of sharing, hide records, track access, and manage preferences for sensitive care.
A right-to-repair group puts cash on the table.
A small nonprofit with a long memory and a short tolerance for corporate lock-ins is paying people to answer an awkward question: when you buy a device, how much of it is actually yours? Freedom from Unethical Limitations on Users, or Fulu, runs bounties not for security bugs, but for proof that abandoned or restricted hardware can still be made to work.
The effort gained momentum after Google retired support for early Nest thermostats, leaving owners with expensive wall ornaments that still worked locally but had quietly lost their “smart.” Fulu now offers cash rewards for fixes that bypass DRM, expired software support, or parts pairing schemes. Targets include filter-locked appliances, disk-drive encryption in game consoles, and other features that seem designed to outlive warranties, not usefulness.
The irony is that fixing these devices can violate US copyright law. Fulu pays anyway. The group’s point is not just to revive gadgets, but to highlight how a decades-old law now stands between ownership and permission.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
