Cybersecurity

⚡ Weekly Recap: Mongodb Attacks, Wallet Breaches, Android Spyware,...

2025-12-29 0 views admin
⚡ Weekly Recap: Mongodb Attacks, Wallet Breaches, Android Spyware,...

Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately.

A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not stop when an incident was "over" — it continued to surface months or even years later.

This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat landscape in the final stretch of 2025 and what deserves your attention now.

MongoDB Vulnerability Comes Under Attack — A newly disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. The exact details surrounding the nature of attacks exploiting the flaw are presently unknown. Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Data from attack surface management company Censys shows that there are more than 87,000 potentially vulnerable instances, with a majority of them located in the U.S., China, Germany, India, and France. Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847. This includes both internet-exposed and internal resources.

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week's most serious security flaws. Check them, fix what matters first, and stay protected.

This week's list includes — CVE-2025-14847 (MongoDB), CVE-2025-68664 (LangChain Core), CVE-2023-52163 (Digiever DS-2105 Pro), CVE-2025-68613 (n8n), CVE-2025-13836 (Python http.client), CVE-2025-26794 (Exim), CVE-2025-68615 (Net-SNMP), CVE-2025-44016 (TeamViewer DEX Client), and CVE-2025-13008 (M-Files Server).

Disclaimer: These tools are for learning and research only. They haven't been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws.

This weekly recap brings those stories together in one p

Source: The Hacker News

🏷️ Tags

securityhackbreachvulnerabilitycve

More from Cybersecurity

Trust Wallet Says 2,596 Wallets Drained In $7 Million Crypto Theft...

Trust Wallet Says 2,596 Wallets Drained In $7 Million Crypto Theft...

2025-12-29 0
New Real-world Attacks Behind Owasp Agentic AI Top 10 2025

New Real-world Attacks Behind Owasp Agentic AI Top 10 2025

2025-12-29 0
Chatgpt Finally Rolls Out Thinking Time Toggle On Mobile 2025

Chatgpt Finally Rolls Out Thinking Time Toggle On Mobile 2025

2025-12-29 0
Critical Sboms In 2026: Some Love, Some Hate, Much Ambivalence

Critical Sboms In 2026: Some Love, Some Hate, Much Ambivalence

2025-12-29 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views