CyberNews: 29/12/2025 Edition

Published by Dunateo on 2025-12-29

Today’s roundup

  • Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
  • Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
  • Hacker claims to leak WIRED database with 2.3 million records
  • 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
  • Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
  • Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
  • Blind trust: what is hidden behind the process of creating your PDF file?
Summary

Fortinet has issued a warning regarding the active exploitation of a five-year-old critical FortiOS vulnerability. This flaw enables threat actors to bypass two-factor authentication (2FA) on vulnerable FortiGate firewalls, posing an ongoing and significant security risk for affected organizations.

A critical vulnerability, CVE-2025-14847, known as "MongoBleed," is under widespread active exploitation against MongoDB instances globally. With a CVSS score of 8.7, the flaw allows unauthenticated attackers to remotely leak sensitive data directly from MongoDB server memory, affecting over 87,000 potentially susceptible servers exposed online and necessitating immediate patching.

A hacker has claimed to have breached Condé Nast and leaked a WIRED database containing over 2.3 million subscriber records. The same actor has threatened to release an additional 40 million records belonging to other Condé Nast properties, indicating a potentially extensive data compromise.

Cybersecurity researchers have identified a sustained spear-phishing campaign employing 27 malicious npm packages uploaded from six different npm aliases. These packages were designed to facilitate credential theft, primarily targeting sales and commercial personnel, and highlight a significant supply chain risk within the software development ecosystem.

New analysis indicates that traditional security frameworks are insufficient to protect against emerging AI-specific attack vectors. The report highlights past incidents such as the compromise of the Ultralytics AI library for cryptocurrency mining in December 2024, the leakage of 2,349 GitHub, cloud, and AI credentials via malicious Nx packages in August 2025, and ChatGPT vulnerabilities in 2024 that allowed unauthorized extraction of user data. These examples underscore the urgent need for specialized AI security measures.

The China-linked APT group Evasive Panda, also known as Daggerfly, conducted a sophisticated cyber-espionage campaign between November 2022 and November 2024, targeting entities in Türkiye, China, and India. The group utilized DNS poisoning and fake software updates to deliver its custom MgBot backdoor through adversary-in-the-middle attacks, employing stealthy loaders and DLL sideloading for long-term persistence within compromised systems.

Extensive research has uncovered 13 vulnerabilities, 7 intentional behaviors, and 6 misconfigurations across popular HTML-to-PDF libraries including TCPDF, html2pdf, jsPDF, mpdf, snappy, dompdf, and OpenPDF. These critical flaws encompass Server-Side Request Forgery (SSRF), arbitrary file deletion, remote code execution (RCE), path traversal, and Denial of Service (DoS) via Regular Expression Denial of Service (ReDoS). Given the widespread use of these libraries in applications handling sensitive data, the findings emphasize the critical importance for developers to keep libraries updated, sanitize untrusted input, and apply correct security configurations to mitigate significant risks.

Want to dig deeper?

Vulnerabilities

CVE-2025-14847 (High)

Cyber Groups

Daggerfly (Evasive Panda, BRONZE HIGHLAND)