Ransomware attack wreaks havoc with roughly 1,000 systems at Romanian water authority
Romanian Waters (Administrația Națională Apele Române) reported a ransomware attack over the weekend that impacted approximately 1,000 computers across 10 of 11 regional offices, knocking systems like email, databases, web portals and GIS tools offline.
The attackers left a message demanding contact within seven days, but the exact initial access vector remains under investigation by Romania’s National Directorate for Cyber Security (DNSC) and national intelligence services.
This incident demonstrates the persistent threat to critical infrastructure management systems, where cyber disruption can cascade into operational challenges for essential public services.
Active exploitation of “MongoBleed” flaw exposes data from over 87,000 servers
Security researchers report active exploitation of a severe memory disclosure vulnerability dubbed “MongoBleed” (CVE-2025-14847) affecting multiple MongoDB versions exposed on the internet, with over 87,000 potentially vulnerable servers identified.
The flaw allows unauthenticated remote clients to read uninitialized heap memory, potentially exposing internal server state information that could assist attackers in gaining further access.
Unsanitized in-memory data leaks from widely deployed databases increase the risk of credential, configuration or token disclosure, which can be leveraged for deeper compromise of dependent applications and services.
Patch released for high-severity RCE issue in n8n workflows
Security researchers disclosed a critical remote code execution vulnerability (CVE-2025-68613, CVSS 9.9) in the n8n workflow automation platform, affecting versions prior to 1.120.4, potentially enabling arbitrary code execution by authenticated users under specific conditions.
n8n is a widely used open-source automation tool with approximately 57,000 weekly downloads, and unpatched instances can expose workflows orchestrating cloud services, databases and internal applications.
Supply-chain reliance on automation platforms means a flaw of this severity can translate into downstream compromise of connected services and data flows, especially in enterprise environments.
Researchers uncover credential-harvesting Chrome extensions
Researchers uncovered two malicious Google Chrome extensions, published by the same developer, that were designed to intercept traffic and capture credentials from users on more than 170 sites.
The extensions abused extension API capabilities to monitor browsing sessions and capture login tokens and cookies, highlighting continued abuse of extension ecosystems for credential and session theft.
This activity reinforces that trusted extension stores and developer accounts remain exploitable platforms for attackers to achieve wide-scale credential harvesting and browser session compromise.
Alleged WIRED database breach could expose 2.3 million user records
A threat actor claims to have breached a database purportedly belonging to Condé Nast’s WIRED publication, allegedly exfiltrating 2.3 million subscriber records and warning of further data releases of up to 40 million records.
The claimed breach includes email addresses and subscriber metadata. It had not been independently verified by WIRED or Condé Nast at the time of reporting, and attribution and specifics remain under scrutiny.
Public claims of large subscriber data theft fuel credential stuffing, targeted phishing and secondary breach amplification risks for affected individuals and organizations.






