Global: Over 1,400 Internet‑Accessible MongoDB Instances Compromised in Low‑Value Extortion Campaign
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
Operation Bizarre Bazaar: Criminal Network Hijacks Exposed LLM Endpoints for Profit and Access
A coordinated criminal campaign scans for unauthenticated LLM and model-control endpoints, then validates and monetizes access—running costly inference workloads, selling API access, and probing internal networks. Some exposed targets are agentic connectors and admin interfaces that can leak tokens, credentials, or execute commands, dramatically raising the stakes beyond billable inference.
Cl0p Forces Silence from Major Firms After Oracle EBS Extortion
The Cl0p extortion campaign has posted over 100 alleged Oracle EBS targets, including several global firms that have not acknowledged impact; at least one large operator (Madison Square Garden) has publicly confirmed customer records were taken. Visible archives include roughly 2 TB and 870 GB collections linked by metadata to Broadcom and Estée Lauder, while parallel intrusions and supply‑chain vectors reported elsewhere complicate attribution and raise broader vendor and archival‑data risk.
Investigation Links ShinyHunters to Broad Vishing Campaign Targeting Over 100 Organizations
Researchers say a coordinated campaign combined telephone-based social engineering with browser-resident phishing toolkits to target more than 100 organisations across sectors, manipulating live authentication sessions to bypass MFA and SSO protections. A contemporaneous but separate infostealer disclosure — an unsecured cache of roughly 149 million credential pairs captured from endpoints — heightens the risk of credential-stuffing and targeted vishing, complicating response and containment.
Global cyber-espionage campaign breaches sensitive targets in 37 countries
A coordinated, long-duration hacking campaign has established persistent access to high-value government and diplomatic networks in 37 countries, prioritizing intelligence collection over immediate disruption. The operation leverages polymorphic tooling, credential harvesting and social-engineering techniques that complicate detection and raise urgent needs for identity-focused defenses and cross-border incident coordination.
Massive 149M credential trove exposes risks from infostealer malware to crypto and government accounts
A researcher found a publicly accessible collection of roughly 149 million stolen logins harvested by credential-stealing malware, including hundreds of thousands tied to major crypto platforms and numerous government-related accounts. The exposure stems from infected end-user devices rather than platform breaches, but it raises urgent questions about account hygiene, phishing risk, and detection across the crypto and social-media ecosystems.
Moonlock Lab: ClickFix Campaigns Leverage Fake VCs and Extension Hijack
Researchers link a coordinated ClickFix-style campaign that combines professional-identity impersonation with hijacked browser extensions to trick victims into pasting and executing clipboard payloads; the delivery chain has been observed installing a Python RAT on selected enterprise hosts and affected an estimated 7,000 extension users. The episode highlights converging supply‑chain and social‑engineering playbooks — from fake VC recruiting pages to crash‑then‑paste extension tricks — and calls for stronger extension vetting, developer-account controls and clipboard/shell telemetry.
Magento Hit by Mass Defacement Campaign
A wide defacement campaign leveraged an unauthenticated file‑upload vector to mark thousands of Magento storefronts, hitting over 7,500 sites and some 15,000 hostnames. Security firms flagged a related REST API flaw named PolyShell, warning that public exploit code will drive automated attacks in the coming weeks.
Google flags intensifying cyber campaigns against the global defense supply chain
Google’s Threat Intelligence Group alerts that coordinated cyber campaigns against firms and personnel in the defense industrial base are increasing, combining long‑dwell implants, commodity exploit reuse, and LLM-assisted social engineering. The advisory urges identity‑first controls, extended cross‑domain telemetry to suppliers and staff, hardware-backed MFA and governed agentic automation to shorten attackers’ windows and blunt supply‑chain impact.