VulnHub

A serious security flaw known as 'MongoBleed' has been identified in MongoDB servers, allowing attackers who are not authenticated to access sensitive information like passwords and tokens. This vulnerability is currently being exploited in the wild, raising significant concerns for organizations using MongoDB. The issue stems from a memory leak that can be exploited by attackers to extract confidential data directly from the servers. Companies running affected versions of MongoDB should prioritize patching their systems to mitigate the risk of unauthorized data access. Given the potential for serious data breaches, immediate action is essential for any organization relying on MongoDB for data storage.

Hackers using the RondoDox botnet are exploiting a vulnerability in Next.js known as React2Shell to take control of over 90,000 unpatched devices. This includes a range of products such as routers, smart cameras, and small business websites. The attack is particularly concerning because it targets devices that often lack regular updates or security patches, making them easy targets for cybercriminals. Users of these devices should be vigilant and consider updating their systems to protect against this growing threat. The scale of the devices affected raises alarms about the potential for widespread disruption if left unaddressed.

Over 10,000 Fortinet firewalls are currently at risk due to a two-factor authentication (2FA) bypass vulnerability that has been known for five years. This vulnerability allows attackers to exploit systems that have not implemented proper security measures, potentially granting them unauthorized access to sensitive data and networks. The issue is particularly pressing because it affects devices that are publicly accessible on the internet, increasing the likelihood of exploitation. Organizations using these firewalls need to act quickly to secure their systems and protect against potential breaches. It's crucial for users to verify their configurations and apply any available updates to mitigate this serious risk.

The RondoDox botnet has been actively exploiting the React2Shell vulnerability to target Next.js servers since December. This vulnerability allows attackers to compromise systems that are not properly secured, potentially leading to unauthorized access and control. Organizations using Next.js should be particularly vigilant, as the botnet's operators are weaponizing this flaw to expand their reach. It’s crucial for companies to implement security measures to protect their servers from these types of attacks. As the situation develops, users need to stay informed about their server configurations and ensure they are updated against known vulnerabilities.

In April and May 2023, a Chinese advanced persistent threat (APT) group exploited a zero-day vulnerability in Ivanti's Endpoint Mobile Management (EPMM) platform, impacting thousands of organizations. This attack allowed unauthorized access and control over mobile devices managed through Ivanti's software, raising serious concerns about the security of sensitive data within those systems. The incident serves as a stark reminder of the vulnerabilities that can exist in widely used management tools. Security experts warn that similar attacks could occur again if organizations do not take proactive measures to secure their systems. Companies using Ivanti EPMM should assess their security posture and implement necessary updates to prevent future breaches.

The RondoDox botnet has been identified exploiting a serious vulnerability known as React2Shell (CVE-2025-55182) to compromise Next.js servers. This flaw allows attackers to inject malware and cryptominers into systems that have not been properly secured. Organizations using Next.js frameworks are particularly at risk, as the botnet targets these servers directly. This incident underscores the necessity for companies to regularly update their software and apply security patches to prevent such attacks. The ongoing exploitation of this vulnerability poses significant risks to data integrity and can lead to unauthorized resource usage, impacting both performance and costs for affected users.

The European Space Agency (ESA) has confirmed a security breach that affected its external science servers. The incident came to light after a hacker attempted to sell stolen data from these servers. While the ESA is currently investigating the breach, details about the extent of the data compromised have not been fully disclosed. This incident raises concerns about the security of sensitive scientific data and the potential implications for ongoing research and collaboration within the space sector. The breach highlights the increasing vulnerability of even highly specialized organizations to cyberattacks, underscoring the need for robust cybersecurity measures.

A serious vulnerability known as MongoBleed (CVE-2025-14847) was disclosed shortly after Christmas 2023, allowing attackers to remotely access and leak memory from unpatched MongoDB servers using zlib compression, without requiring any authentication. This flaw primarily affects deployments of MongoDB Server that utilize zlib network compression, a common feature in many setups. The vulnerability is significant because it exposes sensitive data stored in these databases, potentially impacting organizations across the U.S., China, and the EU. Cybersecurity experts are urging companies that use MongoDB to assess their systems for this vulnerability and apply necessary updates or patches to protect against exploitation. The situation highlights ongoing security challenges in the management of popular open-source database systems.