Pierluigi Paganini
December 30, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a MongoDB Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a MongoDB Server vulnerability, tracked as CVE-2025-14847 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. The recently disclosed MongoDB vulnerability CVE-2025-14847 (aka MongoBleed) is being actively exploited, with more […]
Pierluigi Paganini
December 29, 2025
A recently disclosed MongoDB flaw (MongoBleed) is under active exploitation, with over 87,000 potentially vulnerable instances exposed worldwide. A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 (aka MongoBleed, CVSS score of 8.7), is being actively exploited, with more than 87,000 potentially vulnerable instances identified worldwide. Cybersecurity researcher Joe Desimone published a proof-of-concept exploit for this vulnerability […]
Pierluigi Paganini
December 25, 2025
MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-14847 (CVSS score 8.7), an unauthenticated, remote attacker can exploit the issue to execute arbitrary code on vulnerable servers. “An client-side exploit of the Server’s zlib implementation can return uninitialized heap […]
Pierluigi Paganini
July 22, 2020
Dozens of unsecured databases exposed online web wiped by threat actors as part of a campaign tracked as Meow attack. Experts observed dozens of unsecured Elasticsearch and MongoDB instances exposed online that were inexplicably wiped by threat actors as part of a campaign tracked as Meow attack. The Meow attack began recently and attackers did […]
Pierluigi Paganini
July 03, 2020
A new wave of attacks is targeting unsecured MongoDB database servers and wiping their content attempting to extort a ransom to the victims. The popular security expert Victor Gevers from the non-profit GDI Foundation reported a new wave of attacks that are targeting unsecured MongoDB database servers exposed online. Threat actors are wiping the content […]
Pierluigi Paganini
May 18, 2019
Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online over the past three. Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data. Unfortunately, the criminal practice of deleting MongoDB databases and request a ransom to restore data is common, experts […]
Pierluigi Paganini
April 21, 2019
Security researcher discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online containing over 6.7M records. Security researcher Bob Diachenko discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online without protection. The MongoDB instance named ‘doroshke-invoice-production‘ contained over 6.7 million records of […]
Pierluigi Paganini
March 12, 2019
Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status. Another data leak made the headlines, this time a database containing a creepy set of details collected on more than 1.8 million women in China was left unprotected online. The huge trove of […]
Pierluigi Paganini
November 08, 2018
Records associated with 689,272 plaintext records Amex India customers were exposed online via unsecured MongoDB server. Personal details of nearly 700,000 American Express (Amex India) India customers were exposed online via an unsecured MongoDB server. The huge trove of data was discovered by Bob Diachenko from cybersecurity firm Hacken, most of the records were encrypted, but […]
Pierluigi Paganini
April 30, 2018
Security experts at Kromtech discovered a MongoDB exposed personal details of 25,000 users tied to the Bezop cryptocurrency. Security researchers at cybersecurity firm Kromtech have discovered a MongoDB database containing the personal details of over 25,000 Bezop (BEZ) cryptocurrency users. There are 1384 cryptocurrencies as of Jan 2018. One of them had a database of 25K active […]
Malware / December 30, 2025
