MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day

Episode Transcript

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack with wired, wireless and cellular, all in one integrated solution that's built for performance and scale.

You can find them at meter.com/cst.

MongoBleed exploit drops on Christmas Day.

Rainbow Six Siege hacked, billions of credits granted.

Trust Wallet extension hack drains $7 million in cryptocurrency, and fake GrubHub emails push a 10x Bitcoin scam.

This is Cybersecurity Today, and I'm your host, David Shipley.

Let's get started.

One of the biggest cybersecurity developments over the holidays is a vulnerability in MongoDB now being tracked as CVE-2025-14847, commonly referred to as MongoBleed.

MongoDB disclosed the vulnerability on December 15th, warning that it could allow an unauthenticated client to trigger exposure of sensitive memory under certain conditions.

But the story escalated on Christmas Day, when a proof-of-concept exploit was posted publicly by an Elastic security researcher, significantly lowering the barrier for attackers to test and weaponize the vulnerability.

The exploit targets a flaw in MongoDB's zlib-based network message decompression logic. Because that logic is processed before authentication, it allows unauthenticated attackers to trigger the server into returning uninitialized heap memory, potentially exposing sensitive fragments of data in memory.

This is a high-severity vulnerability with a CVSS score of 8.7, and it impacts a wide range of MongoDB versions, including supported branches and older legacy versions going back to MongoDB 3.6.

The risk is highest for organizations that allow MongoDB instances to be reachable over the network, especially those exposed to the internet, because attackers don't need stolen credentials or user interaction to begin probing.

Public exploit code lowers the barrier even further, making widespread scanning and opportunistic exploitation far more likely.

The timing of the POC alone sparked immediate backlash. Over on r/sysadmin on Reddit, the mood was basically: this is serious, but why drop a working exploit on Christmas Day?

MongoDB has already released patched versions for the affected branches, including 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

If you're using MongoDB Atlas, updates have already been applied automatically, but for self-hosted environments, it's critical to patch immediately.

If patching isn't an option right away, MongoDB recommends a temporary workaround: disable zlib compression and explore alternatives like Snappy or zstd if compression is required.

The takeaway here is straightforward.

MongoBleed is a high-severity vulnerability. Exploit code is now public, and it affects a wide range of MongoDB deployments.

If you run MongoDB, especially anything internet-facing, the priority is clear: patch immediately, disable zlib compression if you can't patch, and review network exposure to ensure database access is tightly restricted.
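As an added example that is not part of the episode (and not MongoDB's own advisory text), this is what the zlib workaround looks like in a self-hosted mongod's YAML configuration file. It assumes the server reads a mongod.conf with the net.compression.compressors key; the same key applies to mongos, and the equivalent command-line flag is --networkMessageCompressors.

```yaml
# mongod.conf - added example, not from the episode or MongoDB's advisory.
#
# Weak setting (the default on recent branches lists all three compressors):
# zlib is offered to every client during the pre-authentication handshake,
# so an unauthenticated peer can negotiate zlib-compressed messages and
# reach the decompression path the episode describes.
#
# net:
#   compression:
#     compressors: snappy,zstd,zlib
#
# Interim mitigation until the patched build is rolled out: remove zlib and
# keep snappy and zstd, the alternatives named in the episode. A client that
# only offers zlib falls back to uncompressed traffic rather than failing.
net:
  compression:
    compressors: snappy,zstd
```

After a restart, `db.adminCommand({ getCmdLineOpts: 1 })` from mongosh shows the parsed value under `parsed.net.compression.compressors`, which is a quick way to confirm zlib is gone on every mongod and mongos; patching remains the real fix.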

Ubisoft's Rainbow Six Siege, a hugely popular team-based video game, suffered a major breach that allowed attackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and, most dramatically, grant massive amounts of in-game currency and cosmetic items to accounts worldwide.

Player reports of issues started around December 27th.

This reporting comes from Bleeping Computer, which says the incident is backed by multiple player reports and in-game screenshots circulating online.

According to those reports, attackers were able to display fake ban messages, grant players roughly 2 billion R6 credits and Renown, and even unlock cosmetic items, including developer-only skins.

R6 credits are a premium currency sold for real money through Ubisoft. Bleeping Computer notes that, based on Ubisoft's pricing, where 15,000 R6 credits cost $99.99, the value of 2 billion credits would be roughly $13.3 million worth of in-game currency distributed for free.

Ubisoft publicly acknowledged the incident on Saturday morning. The official Rainbow Six Siege account confirmed they were aware of an issue affecting the game and said teams were working to resolve it. Not long after, Ubisoft intentionally shut down Siege and its in-game marketplace, saying the team needed to focus on resolving the issue.

In a later update, Ubisoft said players would not be punished for spending the granted credits, but the company would be rolling back all transactions made since 11:00 AM UTC. Ubisoft also said it did not generate the fake ban ticker messages and noted the ticker had already been disabled.

At this point, Ubisoft has not released a detailed formal explanation of how the breach occurred, and Bleeping Computer reports the company has not yet responded to requests for additional technical details.

Now there's a second thread developing alongside this incident, and it may be related, but it remains unverified. Bleeping Computer reports there are rumors of a broader compromise inside Ubisoft's infrastructure, with some threat actors and online sources claiming access to internal systems beyond Rainbow Six Siege.

According to security research group VX-Underground, threat actors have claimed they breached Ubisoft servers using MongoBleed.

VX-Underground claims multiple, potentially unrelated threat groups may be involved, with claims ranging from manipulating Siege services to pivoting into internal Git repositories and stealing source code, to even stealing Ubisoft user data in an extortion attempt.

But Bleeping Computer is clear: none of these claims have been independently verified, including whether MongoBleed was actively exploited, whether internal source code was accessed, or whether customer data was stolen.

So here's what we know and what we don't.

As of this morning, Ubisoft has confirmed abuse inside Rainbow Six Siege, including currency and moderation manipulation, and the company has taken the game and the marketplace offline while it works on remediation and rollback.

As for the claims of a larger breach involving MongoBleed and broader Ubisoft infrastructure compromise, those claims remain unconfirmed, and there's currently no public evidence to support them beyond what threat actors and third parties are alleging.

Now to a major supply chain security incident in the cryptocurrency space.

Also during the holidays, Trust Wallet, a self-custody mobile crypto wallet, has confirmed that a compromised update to its Chrome browser extension led to at least $7 million in stolen cryptocurrency after users reported their wallets drained shortly after interacting with the extension.

Bleeping Computer says the compromised update was released on December 24th, and within hours, users began posting online that funds had disappeared.

Trust Wallet released extension version 2.68 shortly before the wallet drain reports began; a fixed update, version 2.69, appeared shortly afterward.

Security researchers found suspicious logic inside a bundled JavaScript file named 4482.js, which appeared to exfiltrate sensitive wallet data to an external server at api.metrics-trustedwallet.com, a domain registered only days earlier.

Researchers said it looked like analytics but would trigger when a seed phrase was imported, which is effectively a master key granting full control of a wallet. Trust Wallet has confirmed the incident and advised users to update immediately to version 2.69.

Changpeng Zhao, also known as CZ, founder of Binance, the largest cryptocurrency exchange in the world, posted that roughly $7 million has been affected so far and said that Trust Wallet will cover losses.

Binance acquired Trust Wallet in 2018.

Attackers immediately doubled down with a phishing campaign. Domains like fixtrustwallet.com impersonated Trust Wallet's branding and claimed to fix the issue, but instead prompted victims to enter their recovery seed phrase, allowing attackers to drain more wallets instantly.

The guidance here is clear: verify that, if you use this extension, it is updated to 2.69, and if a seed phrase may have been exposed, treat it as permanently unsafe, create a new wallet, and move remaining funds immediately.

And finally, a holiday-themed crypto scam that looks like it came from a legitimate source.

GrubHub users, particularly merchant partners, received fraudulent messages that appeared to come from a real GrubHub email subdomain, promising a tenfold Bitcoin payout in return for sending cryptocurrency to a specified wallet.

The emails claimed to be part of a so-called holiday crypto promotion and came from an address on the b.grubhub.com domain, a legitimate subdomain GrubHub uses to communicate with its merchant partners and restaurants.

The scam email told recipients there were 30 minutes left and promised GrubHub would 10x any Bitcoin sent to the address. For example, it claimed that if you sent 1,000, you would get back 10,000.

This is a classic crypto reward scam.

Victims are lured into sending funds with the false promise of receiving more back; once the Bitcoin is sent, it's gone.

Some recipients speculated the emails could be tied to a DNS takeover or related infrastructure compromise, which could allow messages to pass authenticity checks, but Bleeping Computer notes GrubHub has not provided details on how this happened.

In a statement, GrubHub said it investigated, contained the issue and is taking steps to ensure it doesn't happen again.

In case you're wondering, I did say last Monday would be the last regular news episode for the year, and I won't be making that mistake again.

Jim and I had a plan in place in case news broke over the holidays, and I was hoping we would all get a well deserved break, but it wasn't to be.

We will be keeping an eye on the news over the New Year's holidays, and if we need more episodes, particularly if MongoBleed takes off, if it was behind the Ubisoft breach, and more, we will be back.

I've been your host, David Shipley.

I'll be back for sure for our regular episode on January 5th.

Jim Love will return in the new year.

Thanks for listening.

I hope all of you out there had a well-deserved break and enjoyed time with friends, family, and loved ones.

By the way, this year is ending.

We're going to need as much rest and reset as we can get heading into 2026.

If you enjoy the show, please tell others.

Consider leaving a review and remember to like and subscribe.

We'd love to reach even more people, and we continue to need your help.

Thanks for listening.

We'd like to thank Meter for their support in bringing you this podcast. Meter delivers full-stack networking infrastructure, wired, wireless, and cellular, to leading enterprises. Working with their partners, Meter designs, deploys, and manages everything required to get performant, reliable, and secure connectivity.

They design the hardware and the firmware, build the software, manage deployments, and run support.

It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com/cst.

That's M-E-T-E-R dot com slash cst.
