Find notable cyber news and cases, enriched with sources, timelines, and signals.

MongoDB CVE-2025-14847 active exploitation worldwide

Exploitation Wave
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-14847 is being actively exploited against MongoDB deployments, putting a global pool of 87,000+ potentially susceptible instances at risk. The wave matters because the flaw can leak sensitive memory from servers before authentication and without user interaction. Exposure is broad because the vulnerable zlib compression path is the default on affected instances.

Related Happenings

Squid web proxy heap over-read security flaw (CVE-2026-47729)

Vulnerability
H score37 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid web proxy** is affected by **CVE-2026-47729**, a **heap over-read** that can leak another user's **cleartext HTTP request**, including **credentials** or **session tokens*...

Ubiquiti UniFi OS security updates (multiple vulnerabilities)

Security Patch Release
H score28 First: 22.05.2026 15:00 Last: 22.05.2026 15:00 Sources 1

About this happening: **Ubiquiti** released **security updates** for **UniFi OS** to close **five vulnerabilities**, including **three maximum-severity flaws** that could let **remote attackers without...

Latest development: 24.06.2026 15:32

CISA warned that threat actors were targeting CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 in Ubiquiti UniFi OS devices after the flaws were patched in UniFi OS Server 5.0.8, and multiple users reported that the bugs were exploited in the wild, likely as zero-days, to create rogue administrator accounts named John Sim.

PCPJack TeamPCP-targeting cloud credential theft campaign

Campaign
H score37 First: 08.05.2026 12:00 Last: 08.05.2026 12:00 Sources 1

About this happening: A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...

Zimbra Collaboration Suite actively exploited XSS flaw (CVE-2025-48700)

Vulnerability
H score74 First: 24.04.2026 16:35 Last: 24.04.2026 16:35 Sources 1

About this happening: **CVE-2025-48700** is an **actively exploited XSS flaw** in **Zimbra Collaboration Suite (ZCS)** that can let unauthenticated attackers run JavaScript inside a user's session and...

ComfyUI cryptomining and proxy botnet campaign targeting exposed instances

Campaign
H score58 First: 07.04.2026 15:46 Last: 07.04.2026 15:46 Sources 1

About this happening: An **active ComfyUI campaign** is scanning exposed instances, exploiting unsafe custom nodes, and enlisting compromised hosts into a **cryptomining and proxy botnet**. The operati...

Timeline

  1. 29.12.2025 09:49 2 articles · 6mo ago

    MongoDB CVE-2025-14847 active exploitation and exposure scope

    Initial Disclosure

    MongoDB CVE-2025-14847, codenamed MongoBleed, is being actively exploited in the wild against MongoDB Server instances with zlib compression enabled, which is the default configuration. Censys identified more than 87,000 potentially vulnerable instances worldwide, with a majority in the U.S., China, Germany, India, and France, and Wiz said 42% of cloud environments have at least one MongoDB instance in a vulnerable version. The flaw in the zlib-based message decompression path can let an unauthenticated attacker leak sensitive data from MongoDB server memory before authentication, so operators are advised to update to fixed MongoDB Server releases, disable zlib compression where appropriate, restrict network exposure, and monitor MongoDB logs for anomalous pre-authentication connections.

    Show sources