Moltbook, a week-old social network for AI agents, exposed 6,000+ user emails and over a million API keys through an open database, according to Wiz researchers. The creator boasted about writing "zero code" for the platform. The breach highlights security risks when AI generates software without proper configuration oversight. Vulnerability now patched.

#AIAgents #CyberSecurity #DatabaseSecurity

https://www.implicator.ai/moltbook-exposed-6-000-users-data-as-ai-agent-social-network-splits-silicon-valley/

Moltbook Exposed 6,000 Users' Data as AI Agent Social Network Splits Silicon Valley

Wiz found Moltbook left its database open, leaking 6,000+ emails and a million API keys. The AI agent social network's creator wrote zero code.

Implicator.ai

Fuzzing PostgreSQL at the front door 🔍

Adam Wołk (Microsoft) shows how fuzzing uncovers edge-case bugs in libpq and #PgBouncer. Learn how to build harnesses, mutate protocol inputs, and harden Postgres networking code against real-world failures. https://p2d2.cz/en/talks/knocking_at_the_door_fuzzing_libpq_and_pgbouncer/

#libpq #Fuzzing #DatabaseSecurity #PostgresDev #OpenSource #DBA #DeveloperTools

Automate safe database copies for devs. MaskDump anonymizes emails & phones in huge SQL dumps via pipelines. Compare tools, see configs. https://hackernoon.com/from-production-to-dev-safe-database-copies-with-maskdump #databasesecurity
From Production to Dev: Safe Database Copies with MaskDump | HackerNoon

The Mongobleed vulnerability (CVE-2025-14847) in MongoDB: even when the system is configured correctly, it can leak memory and expose sensitive data without triggering any alert. The question is: how do you detect runtime memory leaks without generating noise? #AnToànCơSởDữLiệu #BảoMậtMáyTính #LỗHổngBảoMật
#DatabaseSecurity #Cybersecurity #Vulnerability #MongoDB #MemoryLeak

https://www.reddit.com/r/SaaS/comments/1q1y7w5/runtime_memory_vulnerabilities_in_mongodb/

MongoDB Server Security Update, December 2025

The following is an update on the security vulnerability identified in December 2025.

MongoDB

A high-severity flaw known as MongoBleed (CVE-2025-14847) is currently being exploited in the wild.

The scale is significant:

🔍 Wiz researchers have confirmed active exploitation.
📊 Data from Shodan and Censys reveals between 87,000 and 100,000 potentially vulnerable MongoDB instances.

Read More: https://www.security.land/mongobleed-alert-cve-2025-14847-exploited-in-the-wild/

#SecurityLand #CyberSecurity #InfoSec #MongoDB #MongoBleed #DatabaseSecurity #Wiz #Shodan #Censys #CloudSecurity

MongoBleed CVE-2025-14847: Is Your MongoDB Exposed?

Dubbed "MongoBleed," CVE-2025-14847 allows unauthenticated attackers to exfiltrate sensitive data from MongoDB heap memory. With 87,000 instances exposed, active exploitation is now confirmed.

Security Land | Decoding the Cyber Threat Landscape

It's been a bit quiet over the last 24 hours, so it'll be a short post today focusing on a significant vulnerability impacting MongoDB. Let's dive in:

MongoDB Unauthenticated Memory Read Flaw ⚠️

- A high-severity vulnerability, CVE-2025-14847 (CVSS 8.7), has been disclosed in MongoDB, allowing unauthenticated attackers to read uninitialized heap memory.
- The flaw stems from improper handling of length parameter inconsistency in Zlib compressed protocol headers, potentially disclosing sensitive in-memory data like internal state or pointers.
- Admins should upgrade immediately to patched versions (e.g., 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30). If immediate upgrade isn't possible, disable zlib compression on the MongoDB Server as a temporary mitigation.

📰 The Hacker News | https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html

#CyberSecurity #Vulnerability #MongoDB #CVE #InfoSec #DatabaseSecurity #ThreatIntelligence #PatchNow

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

High-severity CVE-2025-14847 allows unauthenticated attackers to read uninitialized heap memory in MongoDB due to a zlib compression handling flaw.

The Hacker News
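Added example, not code from any of the posts or vendors above: a small Python triage helper that applies the patched-version list and the "disable zlib" workaround from the MongoDB post to a given server. It assumes the compressor list is read from mongod's `net.compression.compressors` setting (comma-separated) and that "snappy,zstd,zlib" is the default when that setting is absent.

```python
# Added example, not from the original posts: triage helper for CVE-2025-14847.
# Compressors are assumed to come from mongod's `net.compression.compressors`
# setting (comma-separated); the "snappy,zstd,zlib" default is an assumption.
from typing import Optional, Tuple

# First fixed release per branch, exactly as listed in the post above.
PATCHED = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"  # assumed default when unset


def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn '7.0.28' into a comparable (7, 0, 28); a '-suffix' is ignored."""
    parts = [int(p) for p in v.split("-")[0].split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_patched(version: str) -> Optional[bool]:
    """True/False for a listed branch, None if the branch is not listed."""
    ver = parse_version(version)
    fixed = PATCHED.get(ver[:2])
    return None if fixed is None else ver >= fixed


def zlib_enabled(compressors: Optional[str]) -> bool:
    """Is zlib among the enabled wire-protocol compressors?"""
    value = compressors or DEFAULT_COMPRESSORS
    return "zlib" in {c.strip().lower() for c in value.split(",")}


def triage(version: str, compressors: Optional[str] = None) -> str:
    """'patched', 'mitigated' (zlib off), 'exposed', or 'unknown-branch'."""
    patched = is_patched(version)
    if patched is True:
        return "patched"
    if not zlib_enabled(compressors):
        return "mitigated"  # the post's interim workaround is in place
    return "exposed" if patched is False else "unknown-branch"
```

Feed it the version from `buildInfo` and the compressor setting from `getCmdLineOpts`; an "exposed" result means upgrade or disable zlib now, and "unknown-branch" means the branch is not on the post's list and needs checking against the vendor advisory.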

For an LLM to query a database safely, a five-layer architecture is needed. The core is "Agent Views" (sandboxed SQL views) that limit access and strip out sensitive data. An "MCP Tool Interface" adds policy-check layers on top. This architecture ensures data safety and access control, and reduces LLM "hallucinations".

#LLM #AI #DatabaseSecurity #DataSafety #Architecture #Security
#BảoMậtDữLiệu #TríTuệNhânTạo #HệThốngDữLiệu #BảoMật

https://www.reddit.com/r/LocalLLaMA/comments/1puif2l/ho

China-linked APT actively targeting enterprise SQL databases

Custom tools + SQL injection = systematic IP theft across tech, telecom, finance sectors

CORTEX Analysis: Databases now primary espionage targets—not email endpoints

#ThreatIntel #APT #DatabaseSecurity

Tired of wrestling with TLS certs and CAs for your database? MariaDB 11.8's zero-configuration TLS requires no manual setup 🚀
Check out security management tips at
https://optimizedbyotto.com/post/zero-configuration-tls-mariadb-11.8/
#MariaDB #DatabaseSecurity #OpenSource
Zero-configuration TLS and password management best practices in MariaDB 11.8

Locking down database access is probably the single most important thing for a system administrator or software developer to prevent their application from leaking its data. As MariaDB 11.8 is the first long-term supported version with a few new key security features, let’s recap what the most important things are every DBA should know about MariaDB in 2025.

Optimized by Otto