VulnHub

Real-time Cybersecurity News

RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave

Infosecurity Magazine
Actively Exploited
LinuxVulnerabilityBotnetCheck PointHP

Overview

Check Point Research has reported a significant increase in attacks exploiting a vulnerability in HPE OneView, a management tool for Hewlett Packard Enterprise systems. The Linux-based RondoDox botnet is behind this wave of attacks, which raises concerns for organizations using HPE's software. The vulnerability allows attackers to take control of affected systems, potentially leading to data breaches or service disruptions. Companies using HPE OneView should take immediate action to secure their systems. The situation emphasizes the ongoing risk that vulnerabilities pose to enterprise environments and the need for timely patching and vigilance against emerging threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: HPE OneView
  • Action Required: Users should apply the latest patches from HPE for OneView and ensure all systems are updated to the most secure versions.
  • Timeline: Ongoing since recent reports

Original Article Summary

Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet

Impact

HPE OneView

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent reports

Remediation

Users should apply the latest patches from HPE for OneView and ensure all systems are updated to the most secure versions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Vulnerability, Botnet, and 2 more.

Read Original Article

Related Coverage

Fake job recruiters hide malware in developer coding challenges

BleepingComputer

North Korean hackers are running a fake recruiter scheme aimed at JavaScript and Python developers, using enticing cryptocurrency-related coding challenges to lure victims. These challenges often contain hidden malware designed to compromise the developers' systems. This tactic exploits the growing interest in cryptocurrency and the remote job market, making it especially appealing to tech professionals looking for work. Developers who engage with these fake opportunities risk not only their personal data but also their work environments, as the malware can lead to further security breaches. Awareness of these scams is crucial for developers to protect themselves from potential attacks.

Feb 13, 2026

Disney settles California privacy violations with $2.75M penalty

SCM feed for Latest

Disney has agreed to a settlement of $2.75 million to address violations of the California Consumer Privacy Act. The issues arose from the company's inadequate measures to allow customers to opt out of data sharing. This settlement underscores the importance of compliance with privacy laws, particularly as consumer data protection becomes a growing concern. Affected consumers include those who interacted with Disney's online services, as their data may have been shared without proper opt-out mechanisms. The case serves as a reminder for companies to prioritize transparency and user control over personal information.

Feb 13, 2026

Qilin attack-related breach confirmed by Conpet

SCM feed for Latest

Conpet, Romania's national oil pipeline operator, has confirmed that its data was compromised due to a Qilin ransomware attack that targeted its IT infrastructure last week. This incident raises concerns about the security of critical infrastructure, as ransomware attacks can disrupt essential services and lead to significant operational challenges. While specific details about the type of data compromised haven't been disclosed, the breach highlights the ongoing risks that organizations in crucial sectors face from sophisticated cybercriminals. The attack underscores the need for robust security measures in protecting vital systems against ransomware threats. Stakeholders in the energy sector should take note and review their security protocols to prevent similar incidents.

Feb 13, 2026

Atlas Air dismisses Everest ransomware attack claims

SCM feed for Latest

Atlas Air, a major U.S. cargo airline, has publicly rejected claims made by the Everest ransomware group that it successfully breached the airline's systems and stole 1.2 terabytes of sensitive technical information, including data related to Boeing aircraft. The airline insists that its operations remain secure and that there has been no compromise of its data. The allegations by Everest raise concerns about the vulnerability of critical infrastructure in the aviation sector, particularly as ransomware attacks have become more frequent and sophisticated. If the claims were true, it could have serious implications for aviation safety and security. However, with Atlas Air's denial, the situation remains unclear, and further investigation may be necessary to determine the validity of the ransomware group's claims.

Feb 13, 2026

Report highlights supply chain attack threat

SCM feed for Latest

A recent report has pointed out the growing threat of supply chain attacks, which are increasingly becoming a common method for cybercriminals. These attacks have led to serious issues like data breaches, credential theft, and ransomware incidents, creating a self-reinforcing cycle that complicates cybersecurity efforts. Organizations that rely on third-party vendors or software are particularly vulnerable, as attackers exploit these connections to infiltrate systems. This situation emphasizes the need for companies to strengthen their supply chain security measures and ensure that their partners are also adhering to strong cybersecurity practices. As these attacks become more prevalent, the risk to sensitive data and operational integrity continues to rise, making it essential for businesses to be proactive in their defense strategies.

Feb 13, 2026

Attribution of sprawling cyberespionage campaign allegedly held back amid China retaliation fears

SCM feed for Latest

A recent cyberespionage campaign linked to the hacking group TGR-STA-1030 has raised concerns among cybersecurity experts. Researchers from Palo Alto Networks' Unit 42 have attributed these attacks to a state-aligned group from Asia, but they have refrained from directly naming China. This cautious approach stems from fears of potential retaliation against the cybersecurity firm or its clients. The implications of this incident are significant, as it reflects the ongoing geopolitical tensions and the risks faced by organizations that publicly attribute cyberattacks. Companies involved in cybersecurity need to be aware of the potential backlash from their research and may need to reconsider how they communicate findings in the future.

Feb 13, 2026