Svoboda Cybersecurity Brief December 28, 2025
OrthopedicsNY fined $500K for exposing 650,000 patient records
The New York Attorney General fined OrthopedicsNY $500,000 for failing to protect 650,000 patient and employee records after a 2023 ransomware attack by the INC ransom gang. Compromised credentials allowed the attackers to access unencrypted Social Security, driver’s license, and passport numbers for 110,000 individuals. The settlement also mandates security upgrades.
Source: DataBreaches.net
High-severity MongoDB flaw exposes uninitialized heap memory
A vulnerability (CVE-2025-14847, CVSS 8.7) in MongoDB allows unauthenticated attackers to read uninitialized heap memory via mismatched Zlib compression headers. Affected versions include MongoDB 4.0–8.2.3; patched releases are available.
Impact: Sensitive in-memory data disclosure, including internal state or pointers.
Mitigation: Upgrade to fixed versions or disable Zlib compression (use snappy/zstd).
Source: The Hacker News
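An added example (not from this brief or from MongoDB) for auditing the compression mitigation above: it reads block-style mongod.conf text plus a mongod command line and reports whether zlib is still in the effective compressor list. It assumes the documented `net.compression.compressors` and `--networkMessageCompressors` options, that the command line overrides the file, and that an unset option means the 4.2+ default of snappy,zstd,zlib; the sample configs are constructed.

```python
import re

# Assumption: default list when the option is unset on MongoDB 4.2+ (per MongoDB's docs).
DEFAULT_COMPRESSORS = ["snappy", "zstd", "zlib"]

def _split(value):
    """'snappy, zlib' -> ['snappy', 'zlib']; empty -> None (treated as unset)."""
    items = [c.strip().lower() for c in value.strip("\"' ").split(",") if c.strip()]
    return items or None

def configured_compressors(conf_text):
    """net.compression.compressors from block-style YAML, or None if unset."""
    path = []  # stack of (indent, key) describing the current nesting
    for raw in conf_text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z0-9_]+):\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue
        indent = len(m.group(1))
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, m.group(2)))
        if [k for _, k in path] == ["net", "compression", "compressors"]:
            return _split(m.group(3))
    return None

def zlib_enabled(conf_text="", argv=()):
    """True if zlib is in the effective compressor list (argv wins over file)."""
    compressors = configured_compressors(conf_text)
    argv = list(argv)
    for i, arg in enumerate(argv):
        if arg.startswith("--networkMessageCompressors"):
            _, eq, val = arg.partition("=")
            if not eq and i + 1 < len(argv):
                val = argv[i + 1]
            compressors = _split(val) or compressors
    return "zlib" in (compressors or DEFAULT_COMPRESSORS)

# Constructed sample configs (not taken from any real deployment).
SAMPLE_UNSET = """
net:
  port: 27017
"""
SAMPLE_HARDENED = """
net:
  port: 27017
  compression:
    compressors: snappy,zstd  # zlib removed
"""
SAMPLE_EXPLICIT = """
net:
  compression:
    compressors: "zlib,snappy"
"""
```

A config that never mentions compression is still flagged, because the default list includes zlib.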