Hosted on MSN

An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit

You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you? A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week ...
heise online

"MongoBleed": Exploit for critical vulnerability in MongoDB makes attacks easier

According to the details about the vulnerability published shortly before Christmas, attackers can exploit a flaw in the zlib compression software to access non-reset dynamic memory (heap memory).
Bleeping Computer

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the ...
MSN on MSN

CISA ordered agencies to patch the actively exploited MongoBleed flaw before attackers spread

Federal agencies that rely on MongoDB now face a hard deadline to fix a vulnerability that lets unauthenticated attackers ...
heise online

MongoDB: Critical Security Vulnerability in NoSQL Database

The security team of the NoSQL database software MongoDB documented a critical security vulnerability on Friday: "A client-side exploit of the server's zlib implementation can return uninitialized ...