Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately.
A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not stop when an incident was “over” — it continued to surface months or even years later.
This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat landscape in the final stretch of 2025 and what deserves your attention now.
âš¡ Threat of the Week
MongoDB Vulnerability Comes Under Attack — A newly disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. The exact details surrounding the nature of attacks exploiting the flaw are presently unknown. Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Data from attack surface management company Censys shows that there are more than 87,000 potentially vulnerable instances, with a majority of them located in the U.S., China, Germany, India, and France. Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847. This includes both internet-exposed and internal resources.
🔔 Top News
- Trust Wallet Chrome Extension Hack Leads to $7M Loss — Trust Wallet urged users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately $7 million. Users are advised to update to version 2.69 as soon as possible. “We’ve confirmed that approximately $7 million has been impacted, and we will ensure all affected users are refunded,” Trust Wallet said. The Chrome extension has about 1 million users. Mobile-only users and all other browser extension versions are not affected. It’s currently not known who is behind the attack, but Trust Wallet said the attacker likely published a malicious version (2.68) by using a leaked Chrome Web Store API key. Affected victims have been asked to fill out a form to process reimbursements.
- Evasive Panda Stages DNS Poisoning Attack to Push MgBot Malware — A China-linked advanced persistent threat (APT) group known as Evasive Panda was attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
