Security
* Key takeaways: * A Massachusetts DIYer built a PoE-powered 16 ft driveway gate with four cameras and a 24V strobe to deter turnarounds. * The system uses Power over Ethernet (PoE) and a Ubiquiti AI turret with license-plate recognition for monitoring. * To avoid $27,000 of trenching, the builder ran sprinkler pipe
Security
* Key Takeaways: * MongoBleed (CVE-2025-14847) is an unauthenticated information-leak in MongoDB’s zlib decompression that can return uninitialized heap memory to attackers. * A public proof-of-concept appeared on Dec 26, 2025, and researchers report active exploitation; Censys and Wiz estimate tens of thousands of vulnerable, Internet-exposed instances. * Fixed releases are available for
Security
• Key Takeaways: * A public PoC called “mongobleed” exploits CVE-2025-14847, a memory-leak in MongoDB’s zlib decompression. * Attackers can extract uninitialized server memory without authentication, exposing logs, /proc data, connection UUIDs and client IPs. * Affected branches include MongoDB 5.0–8.2; fixes are available (see versions 5.0.32, 6.
Security
* Key Takeaways: * MongoBleed (CVE-2025-14847) is a high-severity, unauthenticated memory-disclosure bug in MongoDB’s zlib message decompression. * Censys identified more than 87,000 potentially vulnerable MongoDB instances exposed to the public internet. * A public PoC exploit by researcher Joe Desimone is available on GitHub; MongoDB has released patches — update immediately. What
Security
• Key takeaways: • Attackers abused internal Rainbow Six Siege systems to ban/unban players, show fake ban messages, and add roughly 2 billion R6 Credits and Renown. • All cosmetics — including developer-only skins — were unlocked; the credits are valued at about $13.3M based on Ubisoft pricing. • Ubisoft intentionally shut down Siege
Security
• Anna's Archive says it scraped roughly 86 million Spotify audio files — about 300 TB — and made metadata for ~256 million tracks available. • The group frames the collection as a "preservation archive" and claims the audio covers about 99.6% of Spotify listens. • Spotify says it identified
Security
• Riot’s Vanguard anti-cheat will block a subset of Valorant players until their motherboard BIOS includes a security patch. • The change targets a UEFI IOMMU bug (CVE-2025-11901, CVE-2025-14302–14304) that can allow pre-boot DMA access. • Patches are available for many newer Intel and AMD chipsets from ASRock, Asus, Gigabyte and
Security
* Key Takeaways: * Apple released iOS 26.2 with critical security fixes and also published iOS 18.7.3 for devices remaining on iOS 18. * Some iPhone owners who opted to stay on iOS 18 report being offered iOS 26.2 only, not the iOS 18.7.3 security update. * The
Security
* Key Takeaways: * Several ASRock, ASUS, GIGABYTE and MSI motherboards contain a UEFI implementation bug that reports DMA protection as enabled but fails to initialize the IOMMU during early boot. * Researchers from Riot Games and a CERT/CC advisory warn the mismatch allows physical attackers with a DMA-capable PCIe device to
Security
* A false earthquake alert for a magnitude 5.9 tremor in Nevada was issued by the United States Geological Survey (USGS). * The erroneous warning was sent to residents as far as 200 miles away, including California's San Francisco Bay Area. * USGS quickly retracted the alert, confirming it was
Security
* A credit card skimmer was discovered at the Family Dollar on 32nd Street Northeast in Cedar Rapids. * The Cedar Rapids Police Department confirmed the finding and has launched an active investigation. * Details are limited as the investigation is ongoing, but the incident highlights a growing national security threat. * The FBI
Security
* An Aransas Pass veteran, Mike Williams, lost thousands of dollars in a sophisticated Bitcoin ATM scam that started with a fake computer virus warning. * Scammers created a false sense of urgency, tricking him into believing his bank accounts were compromised and directing him to deposit cash into a specific Bitcoin