Aniket Chavan

1.9K posts

@ianiketchavan

Senior Security Engineer @Eviden_Security 👨‍💻 | Core Team Member @bsidesgoa | Core Team Member #Haxnation | Co-Founder #HaxnationMumbai

Mumbai, India
Joined September 2017
1.1K Following, 671 Followers
Aniket Chavan retweeted
Florian Roth ⚡️ @cyb3rops
I wrote a Tool to detect MongoBleed exploitation in MongoDB logs 🩸
The detection logic is based on @eric_capuano's excellent research: the exploit makes thousands of connections but never sends client metadata. Legit drivers always do.
github.com/Neo23x0/mongob…
Features:
- Pure bash/jq/awk - no agents, runs via SSH or on forensic copies
- Streams large logs without loading into memory
- Handles compressed .gz rotated logs
- IPv4 & IPv6 support
- Configurable thresholds
- Risk levels: HIGH/MEDIUM/LOW/INFO
- a Python based wrapper that takes a host list as an input and runs the script on a set of remote systems
The sub folder ./example-logs contains a Mongod.log of an exploited system
Aniket Chavan retweeted
Florian Roth ⚡️ @cyb3rops
MongoBleed (CVE-2025-14847) is basically Heartbleed for MongoDB
- unauthenticated memory disclosure
- public POC, trivial to exploit
- leaks creds, tokens, cloud keys straight from RAM
- huge exposed surface on the internet
Good writeups and technical details here:
doublepulsar.com/merry-christma…
ox.security/blog/attackers…
blog.ecapuano.com/p/hunting-mong…
Patch fast, rotate secrets, and assume exposed instances were scanned(!)
Aniket Chavan retweeted
Defused @DefusedCyber
🚨 A critical vulnerability in MongoDB (CVE-2025-14847) allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. A MongoDB honeypot intel stream has now been added into Defused TF and is available for subscription 🍯 👉 console.defusedcyber.com/signup
Aniket Chavan retweeted
Censys @censysio
🚨 MongoBleed (CVE-2025-14847) MongoDB w/ zlib enabled (default) may leak uninitialized heap memory to unauthenticated attackers, risking credentials & tokens. 📌 Censys sees 87K+ potentially vulnerable instances. ✅ Patch: 8.2.3+, 8.0.17+, 7.0.28+, 6.0.27+, 5.0.32+, 4.4.30+ 🔗 hubs.ly/Q03Z4_GS0 #MongoDB #CVE202514847
Aniket Chavan retweeted
Cyber Security News @The_Cyber_News
🚨 Hackers Using PuTTY for Both Lateral Movement and Data Exfiltration Source: cybersecuritynews.com/putty-lateral-… Hackers are increasingly abusing the popular PuTTY SSH client for stealthy lateral movement and data exfiltration in compromised networks, leaving subtle forensic traces that investigators can exploit. Threat actors favor PuTTY, a legitimate tool for secure remote access, due to its “living off the land” nature, blending malicious activity with normal admin tasks. Attackers execute PuTTY binaries like plink.exe or pscp.exe to hop between systems via SSH tunnels and siphon sensitive files without deploying custom malware. #cybersecuritynews
Aniket Chavan retweeted
CISA Cyber @CISACyber
🏛️🧠 Strong governance is key to cyber resilience. Our updated Cross-Sector Cybersecurity Performance Goals now include a governance component—emphasizing leadership accountability, risk management, & integration of #cybersecurity in operations. More info: cisa.gov/cross-sector-c…
Aniket Chavan retweeted
AISecHub @AISecHub
Cyber AI Profile - nvlpubs.nist.gov/nistpubs/ir/20… by @NIST
NIST’s preliminary draft Cyber AI Profile can help organizations strategically adopt AI while addressing and prioritizing cybersecurity risks stemming from its advancements.
The Cyber AI Profile addresses the following Focus Areas:
- Securing AI System Components (Secure)
- Conducting AI-Enabled Cyber Defense (Defend)
- Thwarting AI-enabled Cyber Attacks (Thwart)
Authors: @KonnectedKat, Barbara Cuthill, Marissa Dotter, Michael Garris, Ishika Khemani, Bronwyn Patrick, Noah Schiro, Julie Nethery Snyder, Mohammad Zarei – @NIST, @NISTcyber, @MITREcorp
Aniket Chavan retweeted
The Hacker News @TheHackersNews
🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available. Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT. The flaw allows root-level command execution on affected email security appliances and enables attackers to establish persistence. 🔗 Details and mitigations → thehackernews.com/2025/12/cisco-…
Aniket Chavan retweeted
CISA Cyber @CISACyber
🚨 Cyber threat actors are exploiting newly identified zero-day vulnerabilities in Cisco Adaptive Security Appliances via web services, posing significant risk. Federal agencies must act immediately and follow the guidance in Emergency Directive 25-03. 🔗 go.dhs.gov/iAK
Aniket Chavan retweeted
Microsoft Threat Intelligence @MsftSecIntel
"Microsoft Threat Intelligence is fully focused on disrupting threat actor activity." In the first of a four-part Inside Microsoft Threat Intelligence miniseries, Director of Threat Intelligence Strategy @sherrod_im gives a behind-the-scenes look at how Microsoft's Digital Crimes Unit (DCU) coordinated disruption action against Storm-1152, a threat actor that created and sold hundreds of millions of fake Microsoft accounts. DCU initiated legal action to seize domains and take down websites that Storm-1152 was using to provide services to cybercriminals, an example of how Microsoft turns threat intelligence insight into action. "Threat intelligence at Microsoft is the foundation of everything we do when it comes to defending our customers and the global digital landscape." Learn more: msft.it/6012sWVYq
Aniket Chavan retweeted
FalconFeeds.io @FalconFeedsio
Telegram groups like “Scattered LAPSUS$ Hunters” are operating more like organized extortion gangs — pushing aggressive ransom demands & public taunts. Their latest play: ramping up fear in luxury brands, now claiming upcoming leaks tied to Cartier & Louis Vuitton.
Aniket Chavan retweeted
FalconFeeds.io @FalconFeedsio
⚠️ More drama unfolds with “Scattered LAPSUS$ Hunters” After Splunk blocked their access, the group vowed to “be back” & claimed to hold a Splunk 0day. If legit, it could threaten Splunk users globally.
Aniket Chavan retweeted
FalconFeeds.io @FalconFeedsio
🚨 Data Breach Alert: Zeelab Pharmacy 🇮🇳 🚨
A threat actor has posted on a cybercrime forum claiming to have breached Zeelab Pharmacy (zeelabpharmacy.com), one of India’s largest online pharmacies. The actor alleges that the breach involves 4 million records.
Aniket Chavan retweeted
FalconFeeds.io @FalconFeedsio
Additional Insight from “Scattered LAPSUS$ Hunters” Telegram Posts

1. New Claimed Breach – Banco Santander
• Asking Price: 30 BTC (~USD 1.7M)
• Alleged Data:
  • 30M customer records
  • 6M account numbers with balances
  • 28M credit card numbers
  • HR employee lists
  • Consumer citizenship data
• Affected Countries: Spain, Chile, Uruguay

2. Claimed Zomato.com Compromise
• Offer to drop shell access to zomato.com if the post hits 50 reactions in the chat.
• Designed as a public stunt to show capability.

3. Group’s Ransom Stance
• Non-paying targets are exposed.
• Claims many don’t pay because of law enforcement pressure.
• Accuses agencies of preferring large fines/lawsuits over victim payments to hackers.
• Typical demands: $500K–$5M, positioned as “reasonable” compared to other actors.
• Asserts they “honor agreements” with compliant entities.

In another post, member shows off a Rolex, iPad Pro & Pandora haul — claiming it was bought with ransom $ from AT&T.
Aniket Chavan retweeted
Nandakishore Harikumar @nanduhari
New Telegram group “Scattered LAPSUS$ Hunters” emerges
Claims hits on: Gucci, Chanel, Neiman Marcus, Victoria’s Secret, Coca-Cola Europacific, 🇺🇸 DHS, 🇬🇧 NCA & Ministry of Justice, 🇧🇷, 🇮🇳, 🇫🇷 govs & Iran’s IRGC intel DB. Mix of leaks, threats & trolling.

Corporate Targets
- Gucci – Customer data sample (~100 entries)
- Chanel – Breach tied to Salesforce campaign
- Neiman Marcus – Database for sale (1 BTC)
- Victoria’s Secret – Claimed upcoming large data dump
- Coca-Cola Europacific Partners – Vendor contact database (Salesforce-derived)

Government / Law Enforcement Targets
- United States Department of Homeland Security (DHS) – Threats issued
- UK National Crime Agency (NCA) – Threats issued
- UK Ministry of Justice – Threat to leak GitHub repos & Legal Aid Agency DB if member not released
- Government of Brazil – Claimed compromise
- Government of England – Threats issued
- Government of France – Threats issued
- Government of India – Threats issued
- Iran IRGC (Islamic Revolutionary Guard Corps) Intelligence Agency – Claimed database access / threat
Aniket Chavan retweeted
FalconFeeds.io @FalconFeedsio
🚨 New Group claiming to be linked to “Scattered Spider” emerges on Telegram
Blending Scattered Spider, LAPSUS$ & ShinyHunters chaos — leaks hit Gucci, Chanel, Neiman Marcus, Coca-Cola Europacific & govs of 🇺🇸🇬🇧🇧🇷🇮🇳. Data ranges from vendor lists to breach samples, mixed w/ threats & trolling.
We would be soon publishing a detailed blog analysing the real time chats.
Ojasvi🐈 @ojasvikhurana
Why did I google what mangalore buns are made of! :”) Now I won’t eat it 😔
Aniket Chavan retweeted
Sundar Pichai @sundarpichai
New from our security teams: Our AI agent Big Sleep helped us detect and foil an imminent exploit. We believe this is a first for an AI agent - definitely not the last - giving cybersecurity defenders new tools to stop threats before they’re widespread.