VulnHub

The European Space Agency (ESA) has confirmed a data breach after a hacker, known as '888', attempted to sell stolen data online. The breach involved external science servers, raising concerns about the security of sensitive information related to ESA's projects. This incident highlights the risks that organizations face from cybercriminals looking to exploit vulnerabilities for financial gain. The ESA's acknowledgment of the breach indicates that they are taking steps to address the situation, but the full scope of the data compromised remains unclear. As this breach could potentially affect ongoing scientific research and collaborations, it underscores the need for robust cybersecurity measures in institutions handling critical data.

The RondoDox botnet has been identified exploiting a serious vulnerability known as React2Shell (CVE-2025-55182) to compromise Next.js servers. This flaw allows attackers to inject malware and cryptominers into systems that have not been properly secured. Organizations using Next.js frameworks are particularly at risk, as the botnet targets these servers directly. This incident underscores the necessity for companies to regularly update their software and apply security patches to prevent such attacks. The ongoing exploitation of this vulnerability poses significant risks to data integrity and can lead to unauthorized resource usage, impacting both performance and costs for affected users.

A serious vulnerability known as MongoBleed (CVE-2025-14847) was disclosed shortly after Christmas 2023, allowing attackers to remotely access and leak memory from unpatched MongoDB servers using zlib compression, without requiring any authentication. This flaw primarily affects deployments of MongoDB Server that utilize zlib network compression, a common feature in many setups. The vulnerability is significant because it exposes sensitive data stored in these databases, potentially impacting organizations across the U.S., China, and the EU. Cybersecurity experts are urging companies that use MongoDB to assess their systems for this vulnerability and apply necessary updates or patches to protect against exploitation. The situation highlights ongoing security challenges in the management of popular open-source database systems.

On December 26, 2023, the Oltenia Energy Complex, Romania's largest coal-based energy producer, fell victim to a ransomware attack attributed to the Gentlemen ransomware group. The attack severely disrupted the company's IT infrastructure, impacting its ability to operate effectively. Although specific details about the extent of the damage or data breaches have not been disclosed, the incident raises concerns about the vulnerability of critical infrastructure to cyber threats. As energy providers are essential for public services, such attacks can significantly affect energy supply and operational stability. Authorities and cybersecurity experts are likely to investigate the incident further to understand its implications and improve defenses against similar attacks in the future.

Fortinet has issued a warning about ongoing attacks that exploit an old vulnerability in its FortiOS software, identified as CVE-2020-12812. This flaw allows attackers to bypass two-factor authentication, which can significantly compromise the security of affected systems. Organizations using FortiOS should be particularly vigilant, as this vulnerability has resurfaced in active attacks. The potential for unauthorized access puts sensitive data at risk, making it critical for users to address this issue promptly. Cybersecurity teams are urged to review their systems and implement necessary updates to safeguard against these threats.

Fortinet has issued a warning about a vulnerability in FortiOS that has been around for five years but is still being exploited by attackers. This flaw allows unauthorized users to bypass two-factor authentication (2FA) on FortiGate firewalls, which are widely used by organizations to secure their networks. The continued exploitation of this vulnerability poses a significant risk to companies relying on these firewalls, as it can lead to unauthorized access and potential data breaches. Users of FortiGate firewalls are urged to take immediate action to protect their systems by applying available security updates. This situation serves as a reminder of the importance of keeping software up to date and addressing known vulnerabilities promptly.

A newly discovered vulnerability in MongoDB, referred to as MongoBleed, poses a significant risk by allowing remote attackers to extract sensitive information from affected servers without authentication. This flaw has been exploited in real-world attacks, raising alarms among organizations that utilize MongoDB for their data management. The vulnerability's ability to leak data could expose sensitive customer information, business secrets, and other critical data. Companies using MongoDB should prioritize patching their servers to mitigate potential breaches. It's crucial for users to remain vigilant and ensure their systems are secure against this emerging threat.

A serious vulnerability in MongoDB, designated as CVE-2025-14847 and known as MongoBleed, is currently being exploited globally. This flaw, which has a CVSS score of 8.7, allows attackers to access sensitive data stored in the server's memory without needing authentication. Researchers have identified over 87,000 instances of MongoDB that could be affected by this issue. The potential for data leakage poses a significant risk to organizations using this database technology, making it critical for them to address the vulnerability promptly. Companies should assess their systems and implement necessary security measures to safeguard against this ongoing threat.

Fortinet has reported that a five-year-old vulnerability in its FortiOS SSL VPN is being actively exploited. This flaw, identified as CVE-2020-12812, allows attackers to bypass two-factor authentication under specific configurations, enabling unauthorized access to systems. Organizations using affected versions of FortiOS SSL VPN should be particularly vigilant, as this vulnerability could lead to significant security breaches. The issue emphasizes the need for users to ensure their VPN configurations are secure and up-to-date. Fortinet's warning serves as a critical reminder of the importance of addressing known vulnerabilities, even those that have been around for several years.