A high-severity flaw in MongoDB instances could allow unauthenticated remote bad actors to leak sensitive data from MongoDB servers. Dubbed "MongoBleed," the security flaw is being exploited in the wild after a PoC exploit and technical details were published. MongoDB has released patches to protect against exploitation.
The post Threat Actors Exploiting Critical ‘MongoBleed’ MongoDB Flaw appeared first on Security Boulevard.
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Website Task Flowchart’ appeared first on Security Boulevard.
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.
Key takeaways:On December 19, MongoDB issued a security advisory to address a vulnerability affecting the zlib implementation of MongoDB.
CVE Description CVSSv3 VPR CVE-2025-14847 MongoDB Uninitialized Memory Leak Vulnerability (“MongoBleed”) 7.5 8.0*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on December 29 and reflects VPR at that time.
AnalysisCVE-2025-14847 is a memory leak vulnerability affecting MongoDB instances in which zlib compression is enabled. A flaw in how MongoDB implements zlib decompression could allow unauthenticated attackers to leak uninitialized memory, which can contain sensitive data including credentials, session tokens and API keys. This flaw was dubbed “MongoBleed” by Elastic Security researcher Joe Desimone, who published a proof-of-concept demonstrating the vulnerability. While exploitation does require zlib compression to be enabled and a vulnerable MongoDB version to be internet exposed, reports of in the wild exploitation have already begun.
According to Censys, there are over 87,000 potentially vulnerable instances of MongoDB that have been identified, with the largest concentration being found in the United States.
Source: Censys
Proof of conceptOn December 25, a public proof-of-concept (PoC) was released on GitHub. This PoC demonstrates how data can be leaked from uninitialized memory. According to the PoC details, the following data could be leaked:
MongoDB has released patches to address this vulnerability as outlined in the table below:
Affected Version Fixed Version MongoDB Server v3.6 (All Versions) Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later MongoDB Server v4.0 (All Versions) Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later MongoDB Server v4.2 (All Versions) Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later MongoDB 4.4.0 through 4.4.29 Upgrade to MongoDB 4.4.30 or later MongoDB 5.0.0 through 5.0.31 Upgrade to MongoDB 5.0.32 or later MongoDB 6.0.0 through 6.0.26 Upgrade to MongoDB 6.0.27 or later MongoDB 7.0.0 through 7.0.26 Upgrade to MongoDB 7.0.28 or later MongoDB 8.0.0 through 8.0.16 Upgrade to MongoDB 8.0.17 or later MongoDB 8.2.0 through 8.2.2 Upgrade to MongoDB 8.2.3 or laterAccording to the MongoDB security advisory, if immediate patching is not able to be performed, the workaround suggestion is to disable zlib compression. In addition, we recommend that you limit network access to MongoDB instances to trusted IP addresses only. While this step was not outlined in the advisory, it has been recommended as a security best practice by MongoDB.
Identifying affected systemsA list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-14847 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Tenable Attack Surface Management customers are able to identify assets running MongoDB services by using the filter 'Services contains mongod' as shown in the screenshot below:
Get more informationJoin Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild appeared first on Security Boulevard.
NDSS 2025 - The Road To Trust: Building Enclaves Within Confidential VMs
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Benshan Mei (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shuang Liu (Ant Group), Shijun Zhao (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shoumeng Yan (Ant Group), XiaoFeng Wang (Indiana University Bloomington), Dan Meng (Institute of Information Engineering, CAS), Rui Hou (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS)
PAPER
The Road to Trust: Building Enclaves within Confidential VMs
Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately 1.9 times -- 2.1 times higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs appeared first on Security Boulevard.
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
BackgroundThe Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare.
FAQWhat is IngressNightmare?
IngressNightmare is the name given to a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, an open source controller used for managing network traffic in Kubernetes clusters using NGINX as a reverse proxy and load balancer.
What are the vulnerabilities associated with IngressNightmare?
The following CVEs are associated with IngressNightmare:
CVE Description CVSSv3 CVE-2025-1097 Ingress NGINX Controller Configuration Injection via Unsanitized auth-tls-match-cn annotation 8.8 CVE-2025-1098 Ingress NGINX Controller Configuration Injection via Unsanitized Mirror Annotations 8.8 CVE-2025-1974 Ingress NGINX Admission Controller Remote Code Execution 9.8 CVE-2025-24513 Ingress NGINX Controller Auth Secret File Path Traversal Vulnerability 4.8 CVE-2025-24514 Ingress NGINX Controller Via Unsanitized Auth-URL Annotation 8.8When was IngressNightmare first disclosed?
Public disclosure of IngressNightmare happened on March 24 when news outlets, such as The Hacker News, began reporting on these vulnerabilities. At the time those articles were published, no patches were yet available from the Kubernetes team nor had a blog been published by the researchers who discovered these flaws.
How critical are the IngressNightmare vulnerabilities?
Based on the CVSS scores for these vulnerabilities, three are categorized as high severity, one is categorized as medium severity and one is categorized as critical severity.
The most severe flaw, CVE-2025-1974, requires an unauthenticated remote attacker to be able to access the admission controller, a component in the Ingress NGINX Controller that has more privileged access within a Kubernetes cluster.
Are the IngressNightmare vulnerabilities part of a toxic combination?
Yes, the five vulnerabilities that make up IngressNightmare can be chained together as part of a toxic combination (or exploit chain). Successful exploitation of these flaws would grant an attacker the ability to access cluster secrets, which could result in a cluster takeover.
Was this exploited as a zero-day?
No, these vulnerabilities were reported to Kubernetes through coordinated disclosure.
Is there a proof-of-concept (PoC) available for these vulnerabilities?
As of March 24, there are no public proof-of-concept exploits for any of the five CVEs associated with IngressNightmare.
Are patches or mitigations available for IngressNightmare?
Yes, on the evening of March 24, the Kubernetes team published two fixed versions of Ingress NGINX Controller:
Affected product Affected versions Fixed version Ingress NGINX Controller 1.12.0 1.12.1 Ingress NGINX Controller 1.11.4 and below 1.11.5Additionally, customers can use the following command to determine if clusters are using ingress-nginx:
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginxFor more specific information about mitigation steps, please refer to the Kubernetes blog.
Does this also affect the NGINX Ingress Controller?
No, while the names may sound similar, IngressNightmare does not affect the NGINX Ingress Controller from F5.
Has Tenable released any product coverage for these vulnerabilities?
A list of Tenable plugins for these vulnerabilities will be available on the individual CVE pages as they’re released:
Our Plugins Pipeline displays all available plugins for these vulnerabilities, including upcoming plugins, as they are added.
Additional coverage is being investigated by Tenable Research and this blog post will be updated accordingly.
Get more informationJoin Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Best of 2025: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare appeared first on Security Boulevard.
In 2026, the question isn’t whether Kubernetes wins – it already has. And yet, many organizations are running mission-critical workloads on a platform they still treat as plumbing, not the operating layer that controls speed, security, and efficiency. Recent Cloud Native Computing Foundation (CNCF) surveys of cloud‑native artificial intelligence (AI) adoption and broader cloud‑native trends , along with Google Cloud’s 2026 cybersecurity forecast , make that gap hard to ignore.
The post 2026 Kubernetes Playbook: AI at Scale, Self‑Healing Clusters, & Growth appeared first on Security Boulevard.
Bangalore is the beating heart of India’s technology landscape, a global hub where innovation, data, and enterprise operations converge at unprecedented scale. But a new report highlights a stark reality: as digital acceleration skyrockets, so do the cyber risks facing the multinational organizations (MNCs) operating here. With the DPDP Act 2023 reshaping compliance expectations and
The post Bangalore MNCs Under Cyber Siege: Why India’s Silicon Valley Faces a New Era of Risk and How Unified Security Platforms Are Becoming Essential appeared first on Seceon Inc.
The post Bangalore MNCs Under Cyber Siege: Why India’s Silicon Valley Faces a New Era of Risk and How Unified Security Platforms Are Becoming Essential appeared first on Security Boulevard.
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient — and least noisy — way to get the LLM to do bad things. That's why malicious actors have been turning to indirect prompt injection attacks on LLMs.
The post Best of 2025: Indirect prompt injection attacks target common LLM data sources appeared first on Security Boulevard.
The cybersecurity landscape has entered a dangerous new phase. Nation-state actors and sophisticated cybercriminals are orchestrating five to eight different Large Language Models simultaneously, creating adaptive breach campaigns that operate at machine speed. This represents the most dramatic transformation in cyber warfare since ransomware and it is rendering traditional defenses obsolete. The Multi-LLM Attack Arsenal
The post Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks appeared first on Seceon Inc.
The post Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks appeared first on Security Boulevard.
Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year’s forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new […]
The post 2025 Predictions: Hits, Misses & What We Learned appeared first on Shared Security Podcast.
The post 2025 Predictions: Hits, Misses & What We Learned appeared first on Security Boulevard.
Learn about auth tokens, token-based authentication, JWTs, and implementation strategies. Enhance security and user experience in enterprise SSO and CIAM.
The post What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation appeared first on Security Boulevard.
Explore real-time threat detection in post-quantum AI inference environments. Learn how to protect against evolving threats and secure model context protocol (mcp) deployments with future-proof security solutions.
The post Real-time threat detection for post-quantum AI inference environments. appeared first on Security Boulevard.
Are Businesses Ready to Trust AI with Their Most Sensitive Data? The discussion around trusting AI with sensitive data is both inevitable and essential. With AI systems increasingly integrated into business processes, the question now revolves around how businesses can ensure that these technologies handle sensitive data responsibly and securely. Understanding the Complexity of Non-Human […]
The post How can businesses trust AI to handle sensitive data appeared first on Entro.
The post How can businesses trust AI to handle sensitive data appeared first on Security Boulevard.
How Can Organizations Effectively Manage Non-Human Identities? Have you ever considered how the digital backbone of your organization is secured when it comes to managing the vast array of Non-Human Identities (NHIs)? With technology continues to evolve at a rapid pace, the complexity of managing these machine identities is becoming increasingly significant across multiple industries. […]
The post Is the security for Non-Human Identities getting better appeared first on Entro.
The post Is the security for Non-Human Identities getting better appeared first on Security Boulevard.
Are You Effectively Managing Non-Human Identities in AI-Driven Cloud Security? Where technology underpins every business function, the security of machine identities—known as Non-Human Identities (NHIs)—has become paramount. But how well are organizations managing these NHIs, especially in AI-driven cloud security? Understanding Non-Human Identities Within Cloud Security Non-Human Identities are essentially digital passports issued to machine […]
The post Can AI-driven cloud security assure full data protection appeared first on Entro.
The post Can AI-driven cloud security assure full data protection appeared first on Security Boulevard.
How Do Machine Identities Shape Cloud Security? What role do machine identities play, particularly within cloud environments? When organizations continue to transform digitally, the focus on securing machine identities, known as Non-Human Identities (NHIs), becomes increasingly paramount. NHIs consist of a “secret”—such as an encrypted password, token, or key—and the permissions granted to that secret. […]
The post What support is available for implementing Agentic AI systems appeared first on Entro.
The post What support is available for implementing Agentic AI systems appeared first on Security Boulevard.
NDSS 2025 - Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Zelun Kong (University of Texas at Dallas), Minkyung Park (University of Texas at Dallas), Le Guan (University of Georgia), Ning Zhang (Washington University in St. Louis), Chung Hwan Kim (University of Texas at Dallas)
PAPER
TZ-DATASHIELD: Automated Data Protection For Embedded Systems Via Data-Flow Based Compartmentalization
As reliance on embedded systems grows in critical domains such as healthcare, industrial automation, and unmanned vehicles, securing the data on micro-controller units (MCUs) becomes increasingly crucial. These systems face significant challenges related to computational power and energy constraints, complicating efforts to maintain the confidentiality and integrity of sensitive data. Previous methods have utilized compartmentalization techniques to protect this sensitive data, yet they remain vulnerable to breaches by strong adversaries exploiting privileged software. In this paper, we introduce TZ-DATASHIELD, a novel LLVM compiler tool that enhances ARM TrustZone with sensitive data flow (SDF) compartmentalization, offering robust protection against strong adversaries in MCU-based systems. We address three primary challenges: the limitations of existing compartment units, inadequate isolation within the Trusted Execution Environment (TEE), and the exposure of shared data to potential attacks. TZ-DATASHIELD addresses these challenges by implementing a fine-grained compartmentalization approach that focuses on sensitive data flow, ensuring data confidentiality and integrity, and developing a novel intra-TEE isolation mechanism that validates compartment access to TEE resources at runtime. Our prototype enables firmware developers to annotate source code to generate TrustZone-ready firmware images automatically. Our evaluation using real-world MCU applications demonstrates that TZ-DATASHIELD achieves up to 80.8% compartment memory and 88.6% ROP gadget reductions within the TEE address space. It incurs an average runtime overhead of 14.7% with CFI and DFI enforcement, and 7.6% without these measures.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization appeared first on Security Boulevard.
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry prediction reports from the top security vendors, publications and thought leaders.
The post The Top 26 Security Predictions for 2026 (Part 2) appeared first on Security Boulevard.
How Are Non-Human Identities Changing the Cybersecurity Landscape? What if the biggest vulnerability in your cybersecurity strategy was not a human error but a machine identity left unchecked? Secrets vaulting solutions are increasingly seen as critical components of impenetrable security strategies. In domains like finance, healthcare, travel, and more, the integration of Non-Human Identities (NHIs) […]
The post How impenetrable are secrets vaulting solutions appeared first on Entro.
The post How impenetrable are secrets vaulting solutions appeared first on Security Boulevard.
How Secure Are Your Non-Human Identities? Have you ever wondered how well your organization handles Non-Human Identities (NHIs) within your cybersecurity framework? With technology progresses, so does the complexity of managing machine identities and their associated secrets. These NHIs are crucial for maintaining secure interactions among systems, especially in cloud environments. However, the pressing question […]
The post Are current PAM solutions capable of handling NHIs appeared first on Entro.
The post Are current PAM solutions capable of handling NHIs appeared first on Security Boulevard.
