VulnHub

The RondoDox botnet has been identified exploiting a serious vulnerability known as React2Shell (CVE-2025-55182) to compromise Next.js servers. This flaw allows attackers to inject malware and cryptominers into systems that have not been properly secured. Organizations using Next.js frameworks are particularly at risk, as the botnet targets these servers directly. This incident underscores the necessity for companies to regularly update their software and apply security patches to prevent such attacks. The ongoing exploitation of this vulnerability poses significant risks to data integrity and can lead to unauthorized resource usage, impacting both performance and costs for affected users.

A serious vulnerability known as MongoBleed (CVE-2025-14847) was disclosed shortly after Christmas 2023, allowing attackers to remotely access and leak memory from unpatched MongoDB servers using zlib compression, without requiring any authentication. This flaw primarily affects deployments of MongoDB Server that utilize zlib network compression, a common feature in many setups. The vulnerability is significant because it exposes sensitive data stored in these databases, potentially impacting organizations across the U.S., China, and the EU. Cybersecurity experts are urging companies that use MongoDB to assess their systems for this vulnerability and apply necessary updates or patches to protect against exploitation. The situation highlights ongoing security challenges in the management of popular open-source database systems.

Fortinet has issued a warning about ongoing attacks that exploit an old vulnerability in its FortiOS software, identified as CVE-2020-12812. This flaw allows attackers to bypass two-factor authentication, which can significantly compromise the security of affected systems. Organizations using FortiOS should be particularly vigilant, as this vulnerability has resurfaced in active attacks. The potential for unauthorized access puts sensitive data at risk, making it critical for users to address this issue promptly. Cybersecurity teams are urged to review their systems and implement necessary updates to safeguard against these threats.

A serious vulnerability in MongoDB, designated as CVE-2025-14847 and known as MongoBleed, is currently being exploited globally. This flaw, which has a CVSS score of 8.7, allows attackers to access sensitive data stored in the server's memory without needing authentication. Researchers have identified over 87,000 instances of MongoDB that could be affected by this issue. The potential for data leakage poses a significant risk to organizations using this database technology, making it critical for them to address the vulnerability promptly. Companies should assess their systems and implement necessary security measures to safeguard against this ongoing threat.

A serious vulnerability known as MongoBleed (CVE-2025-14847) is currently being exploited, exposing over 80,000 MongoDB servers on the public internet. This flaw affects multiple versions of MongoDB, allowing attackers to potentially access sensitive information stored on these servers. The scale of the exposure raises significant security concerns, as many organizations may not be aware that their databases are at risk. Companies using affected MongoDB versions should take immediate action to secure their data and prevent unauthorized access. Failure to address this vulnerability could lead to severe data breaches and loss of sensitive information.

Fortinet has alerted users about the active exploitation of a five-year-old vulnerability in its FortiOS SSL VPN, identified as CVE-2020-12812. This flaw, which has a CVSS score of 5.2, involves improper authentication and is particularly dangerous under specific configurations. Researchers have recently observed this vulnerability being abused in real-world attacks, which means organizations using affected versions of FortiOS SSL VPN should take immediate action to secure their systems. The ongoing exploitation of such an outdated vulnerability underscores the need for companies to regularly update their security measures and ensure proper configuration to protect against potential attacks.

Fortinet has reported that a five-year-old vulnerability in its FortiOS SSL VPN is being actively exploited. This flaw, identified as CVE-2020-12812, allows attackers to bypass two-factor authentication under specific configurations, enabling unauthorized access to systems. Organizations using affected versions of FortiOS SSL VPN should be particularly vigilant, as this vulnerability could lead to significant security breaches. The issue emphasizes the need for users to ensure their VPN configurations are secure and up-to-date. Fortinet's warning serves as a critical reminder of the importance of addressing known vulnerabilities, even those that have been around for several years.

Cisco has disclosed a critical zero-day vulnerability, tracked as CVE-2025-20393, affecting its Secure Email Gateway and Secure Email/Web Manager products. This vulnerability is currently being exploited by a China-linked advanced persistent threat group known as UAT-9686. The attack campaign began on December 10 and targets specific systems, raising significant concerns for organizations relying on these Cisco products. Users and administrators should be particularly vigilant, as this active exploitation could lead to unauthorized access and data breaches. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on email security and the sensitive information handled by these systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability, tracked as CVE-2025-59374, found in the Asus Live Update tool. This flaw acts as a backdoor that attackers can exploit, making it a significant concern for anyone using affected Asus devices. The vulnerability stems from a supply chain attack, meaning it was introduced during the software development process rather than through direct hacking. This situation puts users at risk, as the compromised update tool could allow unauthorized access to their systems. Asus users should take this warning seriously and ensure their devices are not vulnerable to exploitation.

A new vulnerability, tracked as CVE-2025-20393, has been discovered in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances. This zero-day flaw is reportedly being exploited by hackers linked to China, posing a significant risk to organizations using these products. The vulnerability allows attackers to bypass security controls, potentially leading to unauthorized access and data breaches. Companies using these Cisco appliances should prioritize patching and monitoring their systems to mitigate the risks associated with this exploit. The discovery of this flaw is particularly concerning given the ongoing cyber threats targeting critical infrastructure and enterprise environments.