top of page
CTI Briefs
MongoDB Under Siege: Critical Memory Leak Exposes Secrets via MongoBleed
CVE-2025-14847 "MongoBleed” MongoDB Unauthenticated Memory Disclosure Vulnerability Classification: Threat Advisory Threat Level: High/Advisory Date Issued: 29 December 2025 Distribution: To: Security Operations Centers (SOC), Database Administrators (DBA), System Owners Executive Summary CVE-2025-14847, publicly disclosed and colloquially named "MongoBleed," is a critical, unauthenticated memory disclosure vulnerability affecting MongoDB Server across multiple versions.
DTG Threat Management Team
3 days ago5 min read
Cisco AsyncOS Under Siege: Zero-Day Remote Code Execution Threatens Secure Email Appliances
Critical Zero-Day Exploited in Cisco Secure Email Appliances (CVE‑2025‑20393) DTG Threat Intelligence is tracking active exploitation of CVE-2025-20393, a critical zero‑day vulnerability (CVSS 10.0) impacting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances running AsyncOS. The flaw allows unauthenticated remote attackers to execute arbitrary commands with root privileges, resulting in complete system compromise. Analysis links attacks to China‑b
DTG Threat Management Team
Dec 22, 20253 min read
React2Shell (CVE-2025-55182): Critical RCE Impacting React and Next.js
This report was developed by the DTG Threat Management Team, with analysis contributions from Darrel Inness and Alex Waintraub. Discovery and Disclosure On December 3, 2025, the React team disclosed CVE-2025-55182, a maximum‑severity (CVSS 10.0) remote code execution vulnerability in React Server Components, now widely referred to as “ React2Shell .” The flaw enables unauthenticated attackers to trigger server‑side code execution with a single crafted HTTP request against com
DTG Threat Management Team
Dec 9, 20253 min read
bottom of page