
The rapid exploitation of unpatched services and trusted tools amplifies financial loss and data exposure, forcing organizations to rethink patch management and third‑party risk. These trends signal a broader shift toward persistent, multi‑vector attacks that will dominate threat landscapes in 2026.
The surge of active exploits this week illustrates a troubling convergence of new and legacy vulnerabilities. MongoDB’s CVE‑2025‑14847, dubbed "MongoBleed," enables unauthenticated memory leaks and has already been weaponized against tens of thousands of databases across the U.S., China, Germany, India, and France. Simultaneously, Fortinet’s five‑year‑old FortiOS SSL‑VPN flaw (CVE‑2020‑12812) resurfaced, allowing attackers to bypass two‑factor authentication by manipulating username case. These incidents highlight how attackers prioritize speed, often compromising systems before vendors can distribute patches, and underscore the need for continuous vulnerability scanning and rapid remediation pipelines.
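For the FortiOS username-case issue described above, one useful check is to search authentication logs for successful logins where an account enrolled in two-factor authentication was submitted in a different letter case and no second factor was recorded. The sketch below is an added example, not vendor or original-article code; the log format, field names and account names are constructed for illustration.

```python
import shlex

# Accounts enrolled in two-factor authentication, spelled as configured
# (constructed sample data).
ENROLLED_2FA = {"jsmith", "adavis"}

# Constructed key=value log lines; the field names are hypothetical and
# do not reproduce any vendor's log schema.
SAMPLE_LOG = """\
time=09:01:12 user="jsmith" action=login status=success mfa=passed
time=09:04:40 user="JSmith" action=login status=success mfa=none
time=09:05:02 user="adavis" action=login status=failure mfa=none
time=09:07:19 user="ADAVIS" action=login status=success mfa=passed
time=09:09:55 user="guest" action=login status=success mfa=none
time=09:11:03 user="aDavis" action=login status=success mfa=none
"""

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def find_case_variant_logins(log_text, enrolled):
    """Return (time, submitted, configured) for successful logins where an
    enrolled account was submitted in a different letter case and no second
    factor was recorded."""
    canonical = {name.casefold(): name for name in enrolled}
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        submitted = event.get("user", "")
        configured = canonical.get(submitted.casefold())
        if configured is None or event.get("status") != "success":
            continue  # not an enrolled account, or the login failed
        if submitted != configured and event.get("mfa") != "passed":
            findings.append((event.get("time"), submitted, configured))
    return findings

if __name__ == "__main__":
    for when, submitted, configured in find_case_variant_logins(SAMPLE_LOG, ENROLLED_2FA):
        print(f"{when}: '{submitted}' logged in without 2FA (configured as '{configured}')")
```

Case-variant logins that did complete the second factor are left out on purpose, so the output contains only sessions where the control was actually skipped.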
Financial repercussions are mounting as threat actors target high‑value assets through compromised consumer tools. The Trust Wallet Chrome extension hack resulted in an estimated $7 million loss after a malicious version was published using a leaked Web Store API key. Meanwhile, the fallout from LastPass’s 2022 breach continues to reverberate, with threat actors cracking weak master passwords to siphon $35 million in cryptocurrency, funneling proceeds through Russian‑linked mixers. These cases demonstrate that even older breaches can become lucrative entry points when password hygiene and multi‑factor defenses are weak, prompting enterprises to enforce stricter credential policies and monitor for anomalous transaction patterns.
Beyond individual incidents, the broader threat landscape is being shaped by sophisticated supply‑chain and nation‑state actors. Evasive Panda’s DNS‑poisoning campaign delivered the MgBot backdoor across Turkey, China, and India, while a counterfeit npm package masquerading as a WhatsApp API intercepted messages for over 56,000 users. Concurrently, Android spyware campaigns exploiting zero‑day vulnerabilities in Samsung devices reveal a growing focus on mobile espionage. As these tactics evolve, organizations must adopt zero‑trust architectures, bolster endpoint detection, and invest in threat‑intelligence sharing to anticipate and mitigate the next wave of attacks in 2026.