ransomware victims coming thick and fast this week the logic here is encrypt just before Xmas, more likely to pay to try to recover before Xmas (spoiler: most of those orgs won't recover before Xmas either way).

HPE OneView CVE-2025-37164 worth paying attention to - Widely used enterprise management software - HPE added a REST command, executeCommand, which requires no authentication to execute commands. Obviously, this is dumb and now patched out - Being on OneView allows attacker to access VMware, 3PAR storage etc by design - Expect exploitation in the wild as it's so simple - The vulnerability (executeCommand) was introduced around 2020, feels like a vulndoor Shodan dork: product:"HPE OneView"

Arc Raiders continues to delight. It reminds me a lot of Fallout 76, which was designed to be an intense PvP Rust like experience. Instead, everybody was super nice. In Arc Raiders I just have match after solo match and meet other players who are super nice guys from Finland. It’s months in and I haven’t been killed once.

New Epstein photos dropped.

BBC News

New Epstein photos from House Democrats show high-profile figures, island plans and passports

The images released today are related to the late convicted sex offender and are separate from the "Epstein files" held by the justice department.