🇫🇷 Ville de Lens (villedelens.fr) a été victime d'une cyberattaque autour du 22 décembre 2025.

La Ville de Lens a subi une cyberattaque qui affecte le fonctionnement de ses services municipaux, mais tous les services restent accessibles aux horaires d'ouverture habituels. La municipalité a mis en place des mesures de sécurité et de protection des données et invite les usagers à ne contacter le numéro de contact qu'en cas d'urgence. La situation est en cours de diagnostic et la municipalité communiquera sur son évolution via ses réseaux sociaux.

👉 https://actu.fr/hauts-de-france/lens_62498/la-ville-de-lens-touchee-par-une-cyberattaque-une-plainte-deposee_63624565.html

Merry Christmas to everybody, except that dude who works for Elastic, who decided to drop an unauthenticated exploit for MongoDB on Christmas Day, that leaks memory and automates harvesting secrets (e.g. database passwords)

CVE-2025-14847 aka MongoBleed

Exp: https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py

This one is incredibly widely internet facing and will very likely see mass exploitation and impactful incidents

Impacts every MongoDB version going back a decade.

Shodan dork: product:"MongoDB"

🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - all fixed, $10k bounty

What I found:

• "Expiring" videos didn't expire, URLs stayed valid forever
• Decrement attachment ID = anyone's private videos
• Location feature bypassed photo permission checks (why upload a map preview image through the photo system??)
• Fake system messages (made a Raid Shadow Legends sponsorship lol)

The good news: Taimi actually handled this right. Fast response, $10k bounty, everything fixed quickly. No lawyers, no threats.

This is how disclosure should work. Take notes, Lovense.

Full writeup: https://bobdahacker.com/blog/taimi-idor

#InfoSec #BugBounty #ResponsibleDisclosure #IDOR #Taimi #DatingApp #Security #Privacy #CyberSecurity #LGBTQ

Tür. Mit Fenster drumrum.




#FensterFreitag #photography