MongoDB
-
Threat actor compromises about 1,400 exposed MongoDB servers in low-value extortion campaign
A technical analysis found a threat actor compromised about 1,400 exposed MongoDB servers, leaving ransom notes demanding about 0.005 BTC per victim. Researchers identified roughly 208,500 exposed servers and many running outdated versions.
-
MongoDB zlib flaw CVE-2025-14847 exploited in the wild with more than 87,000 instances at risk
CVE-2025-14847, dubbed MongoBleed, is actively exploited and can leak MongoDB server memory. More than 87,000 potentially vulnerable instances were identified. Apply vendor patches or disable zlib compression and limit exposure until fixed.
