Svoboda Cybersecurity Brief December 29, 2025

MongoBleed Vulnerability Actively Exploited, 87K MongoDB Servers Exposed

A critical MongoDB vulnerability (CVE-2025-14847) dubbed MongoBleed allows attackers to leak sensitive in-memory data (credentials, API keys, PII) without authentication. Over 87,000 MongoDB instances are exposed online, with exploitation already observed in the wild.
Impact: Remote data leakage, credential compromise, and potential lateral movement.
Mitigation: Patch to fixed versions (8.2.3, 8.0.17, etc.) or disable zlib compression; monitor for unusual connections.
Source: BleepingComputer

WIRED Database Leaked (2.3M Records), Condé Nast Threatened with 40M More

A hacker (“Lovely”) leaked 2.3M WIRED subscriber records (emails, names, addresses) and claims to hold 40M more from Condé Nast properties. The breach followed vulnerability reports that were ignored.
Source: BleepingComputer

Lithuanian Hacker Extradited for $1.8M Cryptocurrency Theft via Malware

A 29-year-old Lithuanian national was extradited to South Korea for allegedly stealing $1.8M in crypto by infecting victims with malware that redirected transactions to his wallets.
Source: DataBreaches.net

Coinbase Insider Arrested in India for Data Breach Involving Bribed Agents

A former Coinbase customer service agent was arrested in India for allegedly selling user data to hackers who bribed employees. The breach exposed sensitive user information earlier in 2025.
Source: DataBreaches.net

Thousands of Medical Records Found in Auctioned Storage Unit

A Memphis storage unit auction revealed patient records (including SSNs, X-rays) from a defunct dental practice. The dentist reclaimed the unit, but legal ownership of the data remains unclear.
Source: DataBreaches.net

Ukrainian Teen Sentenced for Sharing Military Data with Russian Spy

A 16-year-old Ukrainian girl received probation for transmitting military facility locations to a Russian agent in exchange for ~$100. The case highlights ongoing cyber-espionage risks.
Source: DataBreaches.net

Oregon Health Plans Notify Members of Unauthorized Data Access

CareOregon and Health Share Oregon disclosed an incident where member data (Medicaid IDs, PCP info) was viewed without authorization, possibly for fake insurance claims. No SSNs or financial data were exposed.
Source: DataBreaches.net

Steward Health Care Doctors Liable Due to Insurance Failures

Doctors face personal liability for malpractice settlements after Steward Health Care’s insurer (TRACO) allegedly failed to pay claims, raising concerns about insurer legitimacy.
Source: DataBreaches.net
