MongoBleed (CVE-2025-14847) is basically Heartbleed for MongoDB
- unauthenticated memory disclosure
- public POC, trivial to exploit
- leaks creds, tokens, cloud keys straight from RAM
- huge exposed surface on the internet
Good writeups and technical details here:
https://t.co/LgK4RABmJu
https://t.co/DWtByJQ3au
https://t.co/LUwfnF6uXG
Patch fast, rotate secrets, and assume exposed instances were scanned(!)
Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.
They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.
It's OSINT time! 👇