Advisories

Critical Vulnerability in SmarterMail (CVE-2025-52691)

On December 28, 2025, NIST published a critical file upload vulnerability affecting SmarterTools SmarterMail server. The flaw, documented as CVE-2025-52691, carries a maximum CVSS score of 10 and allows remote unauthenticated attackers to upload malicious files to the mail server, potentially leading to remote code execution.

Dec 29, 2025 - 3 Min Read

Critical Information Disclosure Vulnerability in MongoDB (CVE-2025-14847)

On December 19th, software company MongoDB published an advisory regarding a critical vulnerability (tracked as CVE-2025-14847) in their popular database engine of the same name. The vulnerability is an information disclosure issue that allows a successful unauthenticated attacker to leak portions of host memory on a victim machine, potentially disclosing sensitive data such as authentication material. The vulnerability impacts all modern versions of MongoDB released in the last 5 years. On December 24th, security firm Ox Security published enough technical details to create a weaponized exploit, and on December 25th, a technical lead from Elastic published proof-of-concept exploit code on GitHub.

Dec 27, 2025 - 2 Min Read

Critical Auth Bypass Vulnerabilities in Fortinet Products Under Active Exploitation (CVE-2025-59718 & CVE-2025-59719)

Multiple pieces of Fortinet software are vulnerable to an SSO bypass and are now being targeted in the wild by attackers abusing CVE-2025-59718 and CVE-2025-59719.

Dec 16, 2025 - 6 Min Read

Critical Vulnerabilities in React and Next.js (React2Shell)

UPDATED - The original patches mitigating React2Shell properly address Remote Code Execution (RCE) but remain vulnerable to information leakage and DoS issues. To address the recently disclosed vulnerabilities, React has released new patches which should be applied ASAP. If your organization previously updated to React 19.0.2, 19.1.3, or 19.2.2, those patches are incomplete and you will need to update again. On December 3rd, the open-source web library React disclosed a critical vulnerability in the React Server Components (RSC) “Flight” protocol impacting the React 19 ecosystem and the frameworks that implement it. React and Next.js are widely used across the internet, so this vulnerability requires immediate action.

Dec 3, 2025 - 8 Min Read

Critical Vulnerability in Oracle OIM Under Active Exploitation (CVE-2025-61757)

In October 2025, Oracle released a patch advisory for several critical vulnerabilities, including disclosure of a flaw within its Identity Manager product tracked as CVE-2025-61757. On November 20, 2025, Searchlight Cyber published a proof of concept (PoC) write-up and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of this vulnerability in the wild.

Nov 24, 2025 - 4 Min Read

Critical Vulnerability Reported in Citrix NetScaler ADC and Gateway (CVE-2025-12101)

On November 11th, Citrix published an advisory detailing a critical vulnerability in their NetScaler ADC and NetScaler Gateway product lines. This bug (tracked as CVE-2025-12101) is a cross-site scripting (XSS) vulnerability on NetScaler ADC or NetScaler Gateway devices when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. These devices are typically deployed internet-facing by design, so this vulnerability can be used by threat actors to gain initial access to an organization’s internal network.

Nov 11, 2025 - 2 Min Read

CentOS Web Panel Vulnerability Under Active Exploitation (CVE-2025-48703)

On November 4th, the Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in CentOS Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) database, meaning it is being actively exploited in the wild.

Nov 6, 2025 - 5 Min Read

Critical Microsoft WSUS Vulnerability Being Exploited In-The-Wild (CVE-2025-59287)

On October 23rd, Microsoft issued an out-of-band security update to address a previously reported vulnerability identified as CVE-2025-59287. This vulnerability affects the Windows Server Update Services (WSUS) component and may allow unauthorized attackers to execute remote code on WSUS servers. If exploited, threat actors could use this vulnerability to distribute malicious software to Windows systems that are configured to receive updates from the compromised WSUS server. The out-of-band update was likely in response to proof-of-concept (PoC) exploit code published by cybersecurity company HawkTrace, followed by reports of exploit attempts by threat actor groups in the wild observed by cybersecurity company Huntress.

Oct 24, 2025 - 4 Min Read

Critical Vulnerability in Squid Web Proxy (CVE-2025-62168)

On October 17th, the open-source web proxy project Squid published an advisory concerning an information disclosure vulnerability in their popular Squid proxy software. The vulnerability can be leveraged to reveal confidential, internal authentication material to unauthorized parties. It was assigned the highest possible CVSS risk score of 10.0. Squid proxies are commonly deployed internet-facing by design, and compromised authentication material could grant threat actors initial access into an organization’s network.

Oct 20, 2025 - 2 Min Read

F5 Source Code, Engineering Documentation and Undisclosed Vulnerabilities Stolen by Nation-State Threat Actors

On October 15th, vendor F5 publicly disclosed a security breach impacting their internal environment that resulted in a threat actor exfiltrating sensitive data about their BIG-IP product line, including source code, engineering documentation, and undisclosed vulnerability data. We examine the impact of the breach and review the vulnerabilities that F5 has now addressed in its response to the breach.

Oct 15, 2025 - 10 Min Read