Cybersecurity Weekly Update: 5-12 January 2026
- SOC Team

- Jan 12
1. HPE OneView – Actively Exploited Remote Code Execution (RCE)
A critical code injection vulnerability in HPE OneView (CVE-2025-37164) continues to be exploited in the wild, and CISA has issued urgent advisories. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on the appliance, which amounts to control of the infrastructure management plane. (itpro.com)
Why it matters: HPE OneView is widely used for datacentre and enterprise infrastructure orchestration. A compromised appliance can push configuration to servers, storage and network control planes, so the blast radius extends well beyond the appliance itself.
Action: Patch immediately. Because exploitation is already under way, review the appliance and its logs for signs of compromise rather than assuming a clean patch. Keep the management interface off general-purpose networks: reachable only from a dedicated management segment or jump host, never from the internet.
2. Apple WebKit – Actively Exploited Zero-Day
The Cybersecurity and Infrastructure Security Agency (CISA) warned that a critical zero-day vulnerability in Apple WebKit is being actively exploited. WebKit is the browser engine behind Safari and, on iOS, behind every browser and in-app web view, so the flaw can be triggered by any web content a user is lured into loading: a phishing link, a malicious advert, or a compromised site. (technobezz.com)
Why it matters: This affects organisations with Apple device fleets, especially in education and healthcare where iPads and Macs are common, and exposes them to drive-by exploitation and credential theft.
Action: Apply the OS and browser updates immediately on every Apple platform in the fleet (iOS, iPadOS and macOS) and remind users to treat unexpected links with suspicion.
3. D-Link Legacy DSL Gateways — Remote Code Execution
Security researchers confirmed a critical remote code execution (RCE) flaw (CVE-2026-0625) in multiple end-of-life D-Link DSL routers, with active exploitation observed since late 2025. Because the devices are past end of support, no vendor fix is expected. (techradar.com)
Why it matters: Although the hardware is legacy, many SMBs, field offices and education institutions still run these gateways at the network edge, making them easy pivot points into internal networks.
Action: Replace unsupported gateways with supported hardware. Until that is done, disable remote (WAN-side) administration, place the devices on a segmented network away from internal systems, and treat unexpected outbound traffic from them as a likely sign of compromise.
4. Samsung Magician SSD Utility — DLL Hijack & Privilege Escalation
A high-severity vulnerability (CVE-2025-57836) in the Samsung Magician SSD utility for Windows allows a non-admin user to exploit weak permissions on the installer folder to plant a DLL that the software's privileged component then loads, giving local privilege escalation. (tomshardware.com)
Why it matters: No widespread exploitation has been reported yet, but the flaw gives an adversary who already has a foothold a route to local elevation, which is particularly concerning on shared workstations and anywhere standard users can write to the install path.
Action: Update to Magician v9.0.0 or later across endpoints, include the utility in the regular third-party patch cycle, and confirm that standard users no longer have write access to the installation folder.
5. Google Chrome WebView — Malicious Content Execution on Android
A high-risk vulnerability affecting Google Chrome WebView (CVE-2026-0628) could allow attackers to load and execute malicious web content via crafted webpages or in-app links on affected Android devices. The flaw stems from insufficient policy enforcement in the WebView component and was patched by Google in Chrome version 143.0.7499.192/.193. (Cybernews)
Why it matters: WebView is embedded in thousands of Android applications, so an affected device is exposed through any app that renders web content, not only through the browser. Exploitation could lead to malware delivery, unauthorized actions, or data compromise across consumer and enterprise mobile environments.
Action: Apply the latest Android and Chrome updates immediately. Note that the WebView component is updated through Google Play (as the Android System WebView and Chrome packages) rather than only through OS patches, so a device on the current OS build can still carry an old WebView; use mobile device management (MDM) to verify the installed version and enforce the update.
Key Recommendations
Patch Immediately: Prioritise updates for HPE OneView, Apple WebKit (iOS/macOS), Android Chrome WebView and Samsung Magician, with the actively exploited items (HPE OneView and Apple WebKit) first.
Protect Management & Legacy Systems: Isolate infrastructure management platforms from general networks, and retire or segment end-of-life D-Link routers to reduce lateral-movement risk.
Harden Endpoints & Mobile Devices: Enforce OS, browser and third-party software patching across Windows, Apple and Android fleets, supported by MDM controls that report the installed versions.
Reduce Web & Phishing Risk: Limit exposure to malicious links with user awareness, browser hardening and strong authentication (MFA), so a stolen password alone is not enough.
Maintain Asset Visibility: Continuously audit devices and software so unsupported, unpatched or exposed systems are found quickly; a current inventory is what turns a digest like this one into a list of hosts to act on.
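The recommendations above only pay off once they are turned into a list of hosts. The following is an added worked example, not code from the original post or from any of the vendors named, showing how a SOC might cross-check a software inventory against this week's items. It encodes the fixed versions the digest actually states (Magician 9.0.0, Chrome/WebView 143.0.7499.192), treats the end-of-life D-Link gateways as replace-not-patch, and ranks actively exploited items first. The inventory records, host names and the management_exposed flag are constructed for the example; no fixed build for HPE OneView is quoted above, so the script flags it for patching and leaves the exact version to the vendor advisory.

```python
"""Cross-check a software inventory against the advisories in this digest.

Added example. Advisory data below is taken from the items above; the
inventory records are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional


def parse_version(text: str) -> tuple:
    """Turn '143.0.7499.192' into (143, 0, 7499, 192).

    Non-numeric characters inside a component (e.g. '9.0.0b') are dropped so
    a vendor suffix cannot break the comparison.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(installed: str, fixed: str) -> bool:
    """True when installed is older than fixed; shorter tuples are zero-padded so 9.0 == 9.0.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass(frozen=True)
class Advisory:
    product: str
    cve: str
    fixed_version: Optional[str]  # None: no fixed build is stated in this digest
    exploited: bool = False       # active exploitation reported above
    end_of_life: bool = False     # vendor ships no fix; the device must be replaced


# Advisory facts as stated in the items above.
ADVISORIES = [
    Advisory("HPE OneView", "CVE-2025-37164", None, exploited=True),
    Advisory("D-Link DSL gateway", "CVE-2026-0625", None, exploited=True, end_of_life=True),
    Advisory("Samsung Magician", "CVE-2025-57836", "9.0.0"),
    Advisory("Chrome WebView", "CVE-2026-0628", "143.0.7499.192"),
]

# Constructed inventory (host names, versions and management_exposed are made up for the example).
INVENTORY = [
    {"host": "mgmt-01", "product": "HPE OneView", "version": "10.00", "management_exposed": True},
    {"host": "branch-gw-07", "product": "D-Link DSL gateway", "version": "1.03"},
    {"host": "ws-114", "product": "Samsung Magician", "version": "8.3.0"},
    {"host": "ws-115", "product": "Samsung Magician", "version": "9.0.0"},
    {"host": "android-2a9", "product": "Chrome WebView", "version": "143.0.7499.150"},
    {"host": "android-2b0", "product": "Chrome WebView", "version": "143.0.7499.193"},
    {"host": "fs-02", "product": "Windows Server", "version": "2022"},
]


def assess_asset(asset: dict, advisories=ADVISORIES) -> Optional[dict]:
    """Return a finding for one asset, or None if nothing in the digest applies to it."""
    adv = next((a for a in advisories if a.product == asset["product"]), None)
    if adv is None:
        return None
    if adv.end_of_life:
        action, reason = "replace", "end-of-life hardware, no vendor fix"
    elif adv.fixed_version is None:
        action, reason = "patch", "fixed build not stated in digest; confirm with vendor advisory"
    elif version_lt(asset["version"], adv.fixed_version):
        action, reason = "patch", f"{asset['version']} < {adv.fixed_version}"
    else:
        action, reason = "ok", f"{asset['version']} >= {adv.fixed_version}"
    if action == "ok":
        priority = "-"
    else:
        priority = "P1" if adv.exploited else "P2"
    if action != "ok" and asset.get("management_exposed"):
        reason += "; management interface reachable from general network, isolate it"
    return {"host": asset["host"], "cve": adv.cve, "action": action,
            "priority": priority, "reason": reason}


def triage(inventory: List[dict], advisories=ADVISORIES) -> List[dict]:
    """Assess every asset and order findings: actively exploited first, then by host."""
    findings = [f for f in (assess_asset(a, advisories) for a in inventory) if f]
    rank = {"P1": 0, "P2": 1, "-": 2}
    return sorted(findings, key=lambda f: (rank[f["priority"]], f["host"]))


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"{f['priority']:2} {f['host']:13} {f['cve']:15} {f['action']:7} {f['reason']}")
```

In practice the INVENTORY list would come from the MDM or CMDB export, and the product strings would need normalising to whatever names that export uses; the point of the exercise is that the version comparison and the end-of-life rule are explicit, so a device on 143.0.7499.193 is correctly reported as fixed while the D-Link gateway is never reported as "patchable".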
