Major Security Holes in Microsoft and HPE OneView

The United States government has just issued a high-level alert regarding two dangerous security flaws that are currently being used by cybercriminals to break into computer systems. These aren’t just theoretical problems discussed by researchers; the Cybersecurity and Infrastructure Security Agency, known as CISA, has officially confirmed that bad actors are actively exploiting these gaps right now. By adding them to the “Known Exploited Vulnerabilities” list, the government is sending a clear message to every business and home user: if you haven’t updated your software, you are a sitting duck.

The two pieces of software in the crosshairs couldn’t be more different, yet they both present a massive risk. One involves a classic program millions use every day—Microsoft PowerPoint—while the other affects HPE OneView, a powerful management tool used by big companies. Because these flaws allow hackers to take control of a computer from a distance, the level of danger is being ranked at the top of the scale.

A Massive Security Gap in Your Business Infrastructure

One of the most concerning parts of this report involves Hewlett Packard Enterprise (HPE) and their OneView software. This tool is designed to help IT teams manage huge amounts of data and hardware from one central spot. Unfortunately, a massive hole labeled CVE-2025-37164 has been discovered, and it is about as bad as it gets. On the standard scale used to measure how dangerous a bug is, this one received a perfect 10 out of 10.

The reason this is so terrifying is that a hacker doesn’t even need a password to get in. From a remote location, an unauthenticated user can essentially “inject” their own malicious code into the system. Once they do that, they can run whatever commands they want, effectively hijacking the entire server. Recent reports from late 2025 showed that a step-by-step guide on how to perform this attack was released to the public. This means that even amateur hackers can now follow a “cheat sheet” to break into massive corporate networks that use older versions of this HPE software.


Don’t Let a Simple Presentation Compromise Your PC

The second threat might seem like a blast from the past, but it is proving to be a persistent nightmare. A flaw in Microsoft Office PowerPoint, known as CVE-2009-0556, is back in the news because hackers are still finding ways to use it against unsuspecting victims. This particular bug lies in how PowerPoint handles a presentation file in memory. When a person opens a booby-trapped presentation, the file corrupts the computer’s memory in a way that lets the hacker take over the machine.

It is a classic trick: send an email with an interesting-looking attachment, wait for the user to click “Open,” and suddenly the hacker has a foothold in the system. Even though this issue has been known for some time, the fact that it is being actively exploited today shows that many people are still running outdated versions of Office. It serves as a grim reminder that hackers don’t always need the newest tricks; they are perfectly happy using old keys if you haven’t bothered to change the locks.

The Clock Is Ticking to Secure Your Systems

The U.S. government isn’t just suggesting that people fix these problems—they are demanding it for federal agencies. Under a strict set of rules, government offices have until January 28, 2026, to get these patches installed. While these rules technically apply to federal workers, security experts say that private businesses and individuals should follow the same exact timeline. Every day that passes without an update is another day that a hacker could use that public “cheat sheet” to steal your data or lock down your files.

For those using HPE OneView, the company has released special “hotfixes” and a major update, version 11.00, which closes the door on these attackers. If you are using any version older than that, you are at risk. Similarly, keeping your Microsoft Office suite updated to the latest version is the only way to stay safe from the PowerPoint exploit. The message from the experts is simple: don’t wait for a disaster to happen. The instructions on how to rob you are already out there, so make sure you’ve closed the window before someone climbs through.
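To turn the deadline and the fixed version above into a worklist, here is an added example (not code from CISA or HPE) that checks an appliance inventory against the two entries. The feed excerpt only mirrors the KEV catalog's `cveID`, `product` and `dueDate` fields; the host names, version strings and the `hotfix` flag are constructed for illustration.

```python
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (cveID, product, dueDate).
KEV_ENTRIES = [
    {"cveID": "CVE-2025-37164", "product": "OneView", "dueDate": "2026-01-28"},
    {"cveID": "CVE-2009-0556", "product": "Office PowerPoint", "dueDate": "2026-01-28"},
]

# Constructed asset inventory; hosts, versions and the hotfix flag are hypothetical.
INVENTORY = [
    {"host": "ov-prod-01", "product": "OneView", "version": "10.20", "hotfix": False},
    {"host": "ov-lab-02", "product": "OneView", "version": "9.10.01", "hotfix": True},
    {"host": "ov-dr-03", "product": "OneView", "version": "11.00", "hotfix": False},
]

FIXED = {"OneView": "11.00"}  # fixed release named in the article


def version_key(v):
    """Turn '9.10.01' into (9, 10, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in v.split("."))


def triage(inventory, kev_entries, today):
    """Return (host, cveID, status, days_left) for each asset with a known fixed version."""
    due = {e["product"]: (e["cveID"], date.fromisoformat(e["dueDate"])) for e in kev_entries}
    findings = []
    for asset in inventory:
        product = asset["product"]
        if product not in due or product not in FIXED:
            continue
        cve, due_date = due[product]
        days_left = (due_date - today).days
        if version_key(asset["version"]) >= version_key(FIXED[product]):
            status = "fixed"
        elif asset["hotfix"]:
            status = "hotfixed, verify"  # older release; confirm the hotfix really applied
        elif days_left < 0:
            status = "OVERDUE"
        else:
            status = "patch required"
        findings.append((asset["host"], cve, status, days_left))
    return findings


if __name__ == "__main__":
    for row in triage(INVENTORY, KEV_ENTRIES, date(2026, 1, 20)):
        print(*row, sep="\t")
```

Comparing the versions as plain text would rank "9.10.01" above "11.00" and wrongly mark the oldest appliance as safe, which is why the script compares them as numbers.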
