Case Studies

In-depth analyses of past cyber attacks and security incidents

MongoBleed: Pre-Authentication Heap Memory Disclosure in MongoDB (CVE-2025-14847)

A critical information disclosure vulnerability in MongoDB's network protocol that allows unauthenticated remote attackers to read sensitive data from server heap memory.

Dec 19, 202511 min read

React2Shell: Critical RCE in React Server Components (CVE-2025-55182)

SecurityCritical

Remote Code ExecutionPrototype Pollution

React2Shell: Critical RCE in React Server Components (CVE-2025-55182)

A critical remote code execution vulnerability in React Server Components that enables attackers to execute arbitrary server-side JavaScript through crafted Flight protocol payloads.

Dec 1, 20257 min read