Unsecured MongoDB databases remain easy targets for data exfiltration and extortion campaigns
Researchers continue to observe data extortion attacks against internet-exposed MongoDB instances, where threat actors gain access to unsecured databases, copy sensitive data and extort organizations without deploying ransomware.
The activity typically starts with unauthenticated access to misconfigured MongoDB servers, followed by data exfiltration and extortion demands, showing that basic exposure issues remain highly exploitable.
Publicly accessible databases also raise the risk of credential reuse, environment mapping and secondary compromise, because dumped records frequently contain credentials, API tokens and internal hostnames; the risk is greatest in environments lacking segmentation and access monitoring.
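The exposure pattern behind these cases is usually visible in the server configuration itself: mongod bound to every interface with no authorization enabled. The following audit script is an added example (not code from the article or from MongoDB); it parses the small YAML subset a typical mongod.conf uses and flags the three settings that matter most. The two configuration samples are constructed, and the parser is a deliberately minimal one that assumes 2-space indentation and no anchors or multi-line scalars.

```python
"""Audit a mongod.conf for the settings that leave MongoDB open to extortion.

Added example, not from the original article. Flags: listening on all
interfaces (net.bindIp / net.bindIpAll), authorization not enabled
(security.authorization), and TLS not required (net.tls.mode).
Assumption: the config uses mongod's usual YAML subset, 2-space indented.
"""

# Constructed sample: the shape commonly found behind "unsecured MongoDB" cases.
EXPOSED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0      # reachable from the internet
"""

# Constructed sample: the same server with the three controls in place.
HARDENED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.1.5
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Minimal parser for nested mappings with scalar leaves (mongod.conf style).

    Not a general YAML parser: no anchors, no block scalars, no sequences other
    than inline comma-separated values, which are kept as a plain string.
    """
    root = {}
    stack = [(-1, root)]  # (indent, mapping) of the enclosing scopes
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip()
        while stack[-1][0] >= indent:  # climb out of deeper scopes
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # "key:" with nothing after it opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip("'\"")
    return root


def get(cfg, dotted, default=None):
    """Look up a dotted path such as 'net.tls.mode'; return default if absent."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit_mongod_config(text):
    """Return a list of findings; an empty list means the three checks pass."""
    cfg = parse_simple_yaml(text)
    findings = []

    # mongod defaults to localhost only, so an explicit wildcard bind is the
    # signal; bindIp may be a comma-separated string or an inline [a, b] list.
    bind = str(get(cfg, "net.bindIp", "127.0.0.1")).strip("[]")
    addrs = [a.strip() for a in bind.split(",") if a.strip()]
    if get(cfg, "net.bindIpAll") == "true" or any(a in ("0.0.0.0", "::") for a in addrs):
        findings.append("net.bindIp: mongod listens on all interfaces")

    # Authorization is off by default: without it any client that can connect
    # can read and dump every database, which is the extortion entry point.
    if get(cfg, "security.authorization") != "enabled":
        findings.append("security.authorization: not enabled, unauthenticated clients get full access")

    if get(cfg, "net.tls.mode") != "requireTLS":
        findings.append("net.tls.mode: TLS not required, credentials and data travel in the clear")

    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for finding in audit_mongod_config(conf) or ["no findings"]:
            print("  -", finding)
```

Run against a real host's /etc/mongod.conf this gives a quick pre-deployment check; the wildcard-bind finding on its own is the one that turns a forgotten test database into an internet-reachable target, and the missing-authorization finding is what makes that exposure a full data dump rather than a connection refusal.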
Critical CVEs in SolarWinds Web Help Desk patched after researchers warn of high-impact exploitation paths
SolarWinds released security updates for Web Help Desk, a widely used help-desk platform, addressing critical authentication bypass (CVE-2025-40552 and CVE-2025-40554) and remote command execution (CVE-2025-40553) vulnerabilities.
Exploitation could allow attackers to invoke privileged actions and execute code, creating a path to compromise IT support workflows and potentially harvest credentials or tickets containing sensitive data.
ITSM / help-desk systems are attractive targets because they can provide indirect access to admin processes and internal infrastructure details.
RCE risks emerge for n8n servers as researchers detail sandbox escape impacting stored credentials and tokens
Researchers reported vulnerabilities in n8n that could enable sandbox escape leading to remote code execution, placing exposed automation servers at risk.
Successful attacks can allow execution on the underlying host, potentially exposing stored credentials, workflow secrets and connected SaaS tokens used by automation pipelines.
Automation platforms concentrate integrations and secrets in one place, so a single compromise can cascade into multiple connected services quickly.
IPIDEA proxy network dismantled after investigation links it to trojanized apps and hijacked endpoints
Google and partners disrupted IPIDEA-related infrastructure used to route traffic through compromised devices, targeting domains used for device management and proxy routing.
Residential proxy ecosystems can be built via trojanized apps / SDKs or deceptive “bandwidth monetization,” turning endpoints into covert egress nodes used for fraud, scanning and intrusion activity.
This reinforces that endpoint compromise isn’t only about local damage — it can also turn fleets into operational infrastructure for threat actors.
ShinyHunters’ leak claims prompt Match Group to confirm limited data exposure event
Match Group confirmed a cybersecurity incident involving a limited amount of user data, after data was allegedly leaked by the ShinyHunters threat actor.
The reporting describes leaked files and claims affecting multiple Match-owned services, highlighting a data-theft and extortion model rather than disruptive encryption-only attacks.
Consumer platforms remain frequent targets because attackers can monetize access via extortion, credential reuse and downstream fraud.