MongoDB – MCYSEKA-Maritime Cyber Security Knowledge Archive

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQL database used to store and manage data […]

December 31, 2025

0 comment

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

December 31, 2025

0 comment

U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a MongoDB Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a MongoDB Server vulnerability, tracked as CVE-2025-14847 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. The recently disclosed MongoDB vulnerability CVE-2025-14847 (aka MongoBleed) is being actively exploited, with more […]

December 30, 2025

0 comment

Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data.

December 29, 2025

0 comment

Fresh MongoDB Vulnerability Exploited in Attacks

Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers.
The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.

December 29, 2025

0 comment

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII.

December 15, 2025

0 comment

New framework sets baseline for SaaS security controls

Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself. That l…

September 25, 2025

0 comment

npm Malware Targets Crypto Wallets, MongoDB; Code Points to Turkey

Sonatype discovered ‘crypto-encrypt-ts’, a malicious npm package impersonating the popular CryptoJS library to steal crypto and personal data.…

May 2, 2025

0 comment

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration

Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.

March 27, 2025

0 comment

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.
The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.

February 21, 2025

0 comment

1 2

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31