Cybersecurity Today with Jim Love
Episode: HPE Open View Vulnerability Hits CISA Known Exploited List
Date: January 14, 2026
Overview
This episode delivers critical updates on recent cybersecurity threats impacting businesses worldwide, including new credit card skimming campaigns (Magecart), a high-severity vulnerability in HPE OneView flagged by CISA, emergent ValleyRat malware threats, rumors of a zero-click WhatsApp exploit, and the use of AI-powered defensive cyber simulations in U.S. national laboratories. Host Jim Love underscores the need for proactive, layered defense strategies as attacks evolve in subtlety and sophistication.
Key Discussion Points & Insights
1. Ongoing Magecart Skimming Campaigns
Timestamp: 01:10–03:40
- Discovery: A vast, active Magecart skimming campaign has been uncovered, operating since at least 2022 and targeting global payment card networks such as American Express, Diners Club, Discover, and MasterCard.
- How Magecart Works: Magecart isn’t a single group; it's an umbrella term for attacks using web skimmers, malicious JavaScript injected into online checkout pages to siphon payment details in real time. Originally spotted on Magento stores, these attacks now endanger any e-commerce platform that processes payments.
- Threat Dynamics: Since skimming happens client-side, it's often invisible to perimeter security; server logs may not reflect the intrusion. User-visible signs are minimal (perhaps a sudden request to re-enter payment info), and data may already be stolen even if the transaction fails.
- Recommendations:
  - Consumers should vigilantly monitor card statements, especially after odd checkout experiences.
  - For businesses: “Silent Push’s findings underline the need for proactive code inspection, not just patching servers, but continuously validating the scripts actually running in production checkout flows.” (Jim Love, 03:22)
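One way to act on the script-validation recommendation above, as an added example that is not from the episode or from Silent Push: a Node.js check that inventories the script tags on a checkout page and compares each one to an approved manifest of sources and content digests. The manifest format, the function names and the example.test URLs are assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');
// SRI-style digest of a script body.
const sri = (body) => 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');

// Pull every <script> out of rendered HTML: external by src, inline by body.
function extractScripts(html) {
  const out = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) out.push({ kind: 'external', src: src[1] });
    else if (m[2].trim()) out.push({ kind: 'inline', body: m[2] });
  }
  return out;
}

// manifest (hypothetical format): { external: { url: digest }, inline: [digest, ...] }
// served: Map of url -> body as actually delivered, fetched by the caller.
function auditCheckout(html, manifest, served) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.kind === 'inline') {
      if (!manifest.inline.includes(sri(s.body))) findings.push({ issue: 'unapproved-inline' });
      continue;
    }
    const expected = manifest.external[s.src];
    const body = served.get(s.src);
    if (!expected) findings.push({ issue: 'unapproved-src', src: s.src });
    else if (body === undefined) findings.push({ issue: 'not-fetched', src: s.src });
    else if (sri(body) !== expected) findings.push({ issue: 'content-changed', src: s.src });
  }
  return findings;
}

// Constructed sample data; every name under example.test is a placeholder.
const approvedPay = 'function pay(){/* v1 */}';
const manifest = {
  external: { 'https://shop.example.test/js/pay.js': sri(approvedPay),
              'https://shop.example.test/js/cart.js': sri('function cart(){}') },
  inline: [sri('window.dataLayer=[];')],
};
const html = `
<script src="https://shop.example.test/js/pay.js"></script>
<script src="https://shop.example.test/js/cart.js"></script>
<script>window.dataLayer=[];</script>
<script src="https://cdn.unlisted.example.test/a.js"></script>
<script>console.log("unreviewed");</script>`;
const served = new Map([
  ['https://shop.example.test/js/pay.js', approvedPay + '/* appended */'],
  ['https://shop.example.test/js/cart.js', 'function cart(){}'],
]);
console.log(auditCheckout(html, manifest, served));
```

Static HTML only shows scripts present in the markup; to catch scripts injected at run time, feed the check the DOM serialized from a headless browser session that walks the real checkout flow.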
2. HPE OneView Vulnerability (CVE-2025-37164)
Timestamp: 03:41–06:10
- Issue Summary: A maximum-severity (CVSS 10) remote code execution bug in HPE OneView has been added to CISA’s Known Exploited Vulnerabilities (KEV) list. OneView centrally manages servers, storage, and networking.
- Debate Over Exploitation Evidence: HPE maintains that there are no known customer reports of exploitation, and Rapid7 corroborates, having seen no incidents. However, CISA’s listing is based on some evidence of exploitation, increasing the urgency for users.
- Risk & Remediation: Because OneView occupies a highly privileged position in the network, the recommendation is unequivocal:
  “The remediation is straightforward and urgent. Patch immediately. HPE has released a hotfix…” (Jim Love, 05:55)
  Rapid7 advises treating the situation as if a breach has already occurred.
3. ValleyRat Malware – Persistent Credential and Data Theft
Timestamp: 06:11–08:05
- Malware Capabilities: ValleyRat is a new remote access trojan meant to silently steal financial data and credentials, maintain long-term surreptitious access, and facilitate lateral movement.
- Stealth Techniques: ValleyRat utilizes legitimate Windows tools (“living off the land”) to evade detection, blends in with normal activity, and establishes multiple persistent footholds.
- Remediation Advice:
  - Behavior-based monitoring is preferred over signature-based antivirus.
  - Signs include unexpected use of PowerShell, odd outbound connections, and persistence after attempted removal.
- Quote Highlight: “ValleyRat isn’t dangerous because it’s loud. It’s dangerous because it’s patient. For security teams, the absence of alerts doesn’t mean the absence of attackers…” (Jim Love, 07:40)
4. Suspected Zero-Click WhatsApp Exploit
Timestamp: 08:06–10:30
- The Vulnerability: Reports (unconfirmed) detail a zero-day allowing attackers to compromise smartphones via a specially crafted WhatsApp voice call, even if the call isn’t answered.
- Scope & Concerns: Details are scant; both iOS and Android devices could be vulnerable, but Meta has neither confirmed the issue nor provided a patch. No independent analysis or mass exploitation has been reported so far.
- Cautionary Measures:
  - Keep WhatsApp updated.
  - Limit incoming calls where possible.
  - Unexplained device behaviors (crashes, overheating) after missed calls could be a red flag.
- Perspective: “So until more details are available, mitigation options are limited. Users should ensure WhatsApp is fully updated and restrict who can call them where possible…” (Jim Love, 10:12)
5. AI in National Security – Cyber Attack Simulations
Timestamp: 10:31–12:20
- Breakthroughs in Defense: U.S. national laboratories are pioneering generative AI tools to simulate cyber attacks. At Pacific Northwest National Laboratory, AI models adversarial tactics so defenders can proactively test environments and uncover vulnerabilities before real attackers strike.
- Insightful Observation: “If you’re hearing about a classified capability, it’s probably already been surpassed internally. And the same logic applies here…” (Jim Love, 11:58)
  Publicly acknowledged projects may indicate that the U.S. is already several steps ahead in the AI cyber race.
Notable Quotes & Memorable Moments
- On Magecart: “Magecart isn’t a single group. It’s a label used for a class of attacks that inject malicious JavaScript … The skimmer runs in the customer’s browser, copying payment details in real time and sending them to attacker-controlled servers.” (Jim Love, 01:50)
- On Silent Threats: “ValleyRat isn’t dangerous because it’s loud. It’s dangerous because it’s patient.” (Jim Love, 07:40)
- On National Security: “There’s an old rule in national security—if you’re hearing about a classified capability, it’s probably already been surpassed internally.” (Jim Love, 11:58)
Timestamps for Important Segments
- Magecart Update: 01:10–03:40
- HPE OneView Vulnerability: 03:41–06:10
- ValleyRat Malware: 06:11–08:05
- WhatsApp Zero-Click Exploit: 08:06–10:30
- AI Cyber Defense by U.S. Labs: 10:31–12:20
Tone and Style
Jim Love delivers the news in a direct, pragmatic, and informative style. He provides both technical depth and practical security recommendations, balancing urgency with calm guidance. The tone is professional yet accessible, encouraging vigilance without fear-mongering.
Conclusion
The episode underscores a central tenet: cyber threats continue to evolve, often bypassing traditional security measures through patience and subtlety. Enterprises and individuals alike must adopt continuous monitoring, rapid patching, and behavioral detection tools, while remaining alert to both confirmed and rumored vulnerabilities. On the cutting edge, government investment in AI-driven simulation may keep defenders a step ahead, but public disclosure only hints at deeper capabilities.
