29/12/25 Threat Report
This week’s threat report: a major supply chain attack that hit Nissan customers, a critical vulnerability in a widely deployed database platform, active exploitation of common security appliances, and a maximum‑severity flaw in a major enterprise infrastructure management solution. Read on to understand the risks to your organisation and the practical steps you can take to strengthen your defences.
Critical 'MongoBleed' Flaw Exposes Sensitive Data in MongoDB
A serious security weakness, nicknamed 'MongoBleed' (CVE-2025-14847), has been found in MongoDB, a popular database used by many companies to store information. Imagine a library where some of the books have a special code that helps to squeeze them into a smaller space. This flaw is like a trick where someone can use that special code to peek at parts of other books on the shelf, even secret ones. Attackers can use this trick to steal private information like usernames, passwords, and secret keys without needing a library card.
Recommendations
- Update Immediately: If your organisation uses MongoDB, it is critical to update to a patched version as soon as possible. The affected versions are MongoDB 3.6 through 8.2.3.
- Check Your Configuration: The vulnerability affects systems with zlib compression enabled, which is the default. Review your configuration and disable it if it's not essential for your operations.
- Monitor for Suspicious Activity: Keep an eye out for any unusual activity on your MongoDB servers that could indicate an attack.
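A small audit helper for the configuration check above, added here as an example and not code from MongoDB or from this report. It assumes the compressor list is taken from `net.compression.compressors` in mongod.conf (or the equivalent `--networkMessageCompressors` flag) and that an absent setting falls back to the server default of `snappy,zstd,zlib`; the sample settings are constructed.

```python
"""Audit a mongod network-compression setting for zlib exposure.

Mirrors the recommendation above: zlib is enabled by default, so a config
with no compressors setting at all is reported as exposed. The value is the
comma-separated list from net.compression.compressors (mongod.conf) or
--networkMessageCompressors, or the keyword "disabled".
"""
from typing import Optional

# Assumed server default when the setting is absent (see lead-in).
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def parse_compressors(value: Optional[str]) -> list:
    """Return the effective compressor list for a configured value.

    None means the setting is absent, so the server default applies.
    "disabled" turns wire compression off entirely.
    """
    if value is None:
        value = DEFAULT_COMPRESSORS
    names = [n.strip().lower() for n in value.split(",") if n.strip()]
    if names == ["disabled"]:
        return []
    return names


def zlib_enabled(value: Optional[str]) -> bool:
    """True when zlib could be negotiated with clients (the exposed state)."""
    return "zlib" in parse_compressors(value)


def hardened_value(value: Optional[str]) -> str:
    """Same setting with zlib removed; keeps the other compressors."""
    remaining = [n for n in parse_compressors(value) if n != "zlib"]
    return ",".join(remaining) if remaining else "disabled"


# Constructed sample settings from four hypothetical deployments.
SAMPLES = {
    "unset (server default)": None,
    "explicit zlib": "snappy,zlib",
    "already hardened": "snappy,zstd",
    "compression off": "disabled",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        state = "EXPOSED" if zlib_enabled(value) else "ok"
        print(f"{label:24} -> {state:8} suggested: "
              f"net.compression.compressors: {hardened_value(value)}")
```

Removing zlib from the list is a mitigation for unpatched servers only; the update to a fixed release is still the real fix.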
Active Attacks on SonicWall and Cisco Security Appliances
Two separate but serious issues are affecting security devices that many businesses use to protect their computer networks. First, a pair of flaws in SonicWall's SMA 1000 series appliances (CVE-2025-40602 and CVE-2025-23006) can be combined by attackers to take complete control of the device. The NHS has issued an alert about this. Second, a 'zero-day' flaw (CVE-2025-20393) in Cisco's email security gateways is being actively used by hackers. A zero-day is a flaw that the good guys haven't had a chance to fix yet. This was the same type of flaw used in the recent UK Foreign Office hack.
These security appliances are like the guards at the gate of a castle. If a hacker can trick the guard or sneak past them, they can get inside and cause a lot of damage. Because these devices are meant to protect the network, a flaw in them is especially dangerous. Hackers can use these flaws to get into a company's network, steal data, or install ransomware.
Recommendations
- Patch SonicWall Devices: If you use SonicWall SMA 1000 series appliances, apply the latest security patches immediately.
- Monitor Cisco Devices: Since there is no patch yet for the Cisco AsyncOS flaw, it's important to monitor these devices closely for any signs of an attack. Follow guidance from Cisco and the NCSC.
- Review Access Controls: Ensure that access to the management interfaces of these devices is restricted to only those who need it.
Maximum-Severity Flaw in HPE OneView
A critical vulnerability has been discovered in HPE OneView, a tool used by many large organisations to manage their computer servers and other hardware. This flaw is rated 10.0, the highest possible severity score. It allows an attacker to run their own code on the system without needing a password or any special access. This is like finding a master key that unlocks every door in a building.
HPE OneView is used to manage the very heart of a company's IT infrastructure. A vulnerability this severe could allow an attacker to take control of a company's entire network. This could lead to a complete shutdown of services, massive data theft, or catastrophic damage. Because it's so easy to exploit, it's a very attractive target for criminals.
Recommendations
- Patch Immediately: HPE has released a patch for this vulnerability. It is essential to apply it without delay.
- Isolate Management Interfaces: As a general best practice, management interfaces for critical systems like HPE OneView should not be exposed to the internet.
- Harden Your Infrastructure: Use this as an opportunity to review the security of your entire IT infrastructure and ensure that all systems are up-to-date and properly configured.
Nissan Data Breach Highlights Supply Chain Risks
Car giant Nissan has revealed that personal information for about 21,000 customers was stolen. The surprising part is that the hackers didn't break into Nissan directly. Instead, they got into a computer server managed by Red Hat, a software company that works with Nissan. This is like a thief stealing the keys to a building from the security guard's office, rather than breaking down the main door. The stolen information includes names, addresses, phone numbers, and email addresses.
This incident is a powerful reminder that a company's security is only as strong as its weakest link, and that includes all the other companies it works with. Even if your own company has strong security, a breach at one of your suppliers can put your data at risk. For the affected Nissan customers, their personal information can be used by criminals for phishing scams, where they pretend to be someone else to trick you into giving them more information or money. This is the third major security issue for Nissan in just three years, showing how persistent these threats can be.
Recommendations
- Vet Your Vendors: Businesses must carefully check the security of all their suppliers and partners. Don't just trust that they are secure; ask for proof.
- Monitor Your Supply Chain: Keep an eye on security alerts not just for your own company, but for all the companies in your supply chain.
- Be Alert for Phishing: If you are a Nissan customer, be extra careful about suspicious emails, text messages, or phone calls. Never give out personal information unless you are absolutely sure who you are talking to.
For more information on how to protect your organisation and your supply chain from these and other threats, contact us about our Threat Intelligence services.