AnonymousMedia.org

Category: Uncategorized

  • Poland scrambles jets as Russia strikes Kyiv before US-Ukraine peace talks

    Poland scrambles jets as Russia strikes Kyiv before US-Ukraine peace talks


    Adam Goldsmithand

    Tiffany Wertheimer

    Reuters A firefighter works at a residential building that is ablazeReuters

    A house was hit in Kyiv during a Russian aerial assault on the capital

    Polish fighter jets have been scrambled on its border with Ukraine, after the Ukrainian capital Kyiv was hit by Russian missiles and drones overnight.

    Poland’s military said its air force took a “preventative” response to secure its airspace, after at least one person was killed and 28 others were injured in Kyiv, Ukraine’s State Emergency Service reported.

    As the fighting continues, so does the work to get a peace deal that all sides can agree to. Ukrainian President Volodymyr Zelensky is set to meet Donald Trump in Florida on Sunday.

    But following the latest Russian strikes, Zelensky has repeated his claim that Russia does “not want to end the war and is trying to use every opportunity to inflict more pain on Ukraine”.

    Writing on Telegram, Zelensky said that Russia directed almost 500 drones and 40 missiles towards Kyiv, targeting energy and civilian infrastructure.

    Pictures show apartment buildings with gaping holes and homes on fire following the strikes.

    Thousands of buildings have had their power cut, Kyiv Mayor Vitali Klitschko said, and many are without heating, as temperatures plummet to below freezing.

    Ukraine’s State Emergency Service said that 68 people were evacuated from a retirement home in the eastern Darnytskyi district.

    “Russian representatives are having long conversations, but in reality the Daggers [missiles] and Shaheds [drones] are speaking for them,” Zelensky wrote on Telegram, saying that Vladimir Putin does not want to end the war.

    “This sick activity can only be responded to with really strong steps. America has this opportunity, Europe has this opportunity, many of our partners have this opportunity,” he wrote, urging allies to show strength against Russian aggression.

    The strikes saw Poland, which shares a 530km-long (320-miles) border with western Ukraine, ready its fighter jets, ground-based air defence systems and radar reconnaissance.

    The move was “aimed at securing and protecting the airspace, especially in areas adjacent to the threatened regions,” Poland’s Armed Forces said.

    Later on Saturday morning, it concluded that there had been no violation of the country’s airspace.

    Meanwhile, Russia’s defence ministry said its air defences destroyed seven Ukrainian drones overnight.

    Reuters A pink apartment building with a huge hole in the side of it and a firefighter on a crane spraying water into it.Reuters

    Several buildings in Kyiv were badly damaged from Russian strikes

    On Saturday, Zelensky, EU leaders and European Commission president Ursula von der Leyen are expected to hold a phone call to discuss the road to peace.

    Zelensky’s new 20-point draft is a revised version of an earlier 28-point plan which was drafted by US special envoy Steve Witkoff, but widely seen as being too favourable to Russia.

    The Ukrainian president has voiced optimism around the new draft, describing it as “a foundational document on ending the war”, but Trump warned that Zelensky “doesn’t have anything until I approve it” in an interview with Politico.

    The draft reportedly includes security guarantees from the US, Nato and European allies for a co-ordinated military response if Russia were to invade Ukraine again.

    Control of Ukraine’s eastern Donbas has been a sticking point in talks so far, but now Zelensky has said a “free economic zone” could be an option.

    Trump told Politico that he was expecting to see the new draft on Sunday.

    “I think it’s going to go good with him. I think it’s going to go good with [Vladimir] Putin,” Trump said in the interview, adding that he expects to speak with Russia’s president “soon”.



    Source link

  • New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

    New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory


    Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability

    MongoDB Flaw

    A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory.

    The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the actual length of the associated data.

    “Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client,” according to a description of the flaw in CVE.org.

    Cybersecurity

    The flaw impacts the following versions of the database –

    • MongoDB 8.2.0 through 8.2.3
    • MongoDB 8.0.0 through 8.0.16
    • MongoDB 7.0.0 through 7.0.26
    • MongoDB 6.0.0 through 6.0.26
    • MongoDB 5.0.0 through 5.0.31
    • MongoDB 4.4.0 through 4.4.29
    • All MongoDB Server v4.2 versions
    • All MongoDB Server v4.0 versions
    • All MongoDB Server v3.6 versions

    The issue has been addressed in MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

    “An client-side exploit of the Server’s zlib implementation can return uninitialized heap memory without authenticating to the server,” MongoDB said. “We strongly recommend upgrading to a fixed version as soon as possible.”

    Cybersecurity

    If immediate update is not an option, it’s recommended to disable zlib compression on the MongoDB Server by starting mongod or mongos with a networkMessageCompressors or a net.compression.compressors option that explicitly omits zlib. The other compressor options supported by MongoDB are snappy and zstd.

    “CVE-2025-14847 allows a remote, unauthenticated attacker to trigger a condition in which the MongoDB server may return uninitialized memory from its heap,” OP Innovate said. “This could result in the disclosure of sensitive in-memory data, including internal state information, pointers, or other data that may assist an attacker in further exploitation.”



    Source link

  • Thailand and Cambodia agree ceasefire after weeks of deadly clashes

    Thailand and Cambodia agree ceasefire after weeks of deadly clashes


    Thailand and Cambodia have agreed to an immediate ceasefire, the defence ministers of both countries have said in a joint statement.

    The two sides have agreed to freeze the front lines where they are now, and allow civilians living in border areas to return home, halting almost three weeks of intense clashes in which hundreds of soldiers are believed to have died and nearly one million people displaced.

    The ceasefire took effect at noon local time (05:00 GMT) on Saturday. Once it has been in place for 72 hours, 18 Cambodian soldiers held by Thailand since July will be released, the statement said.

    The breakthrough came after days of talks between the two countries, with diplomatic encouragement from China and the US.

    The agreement prioritises getting the displaced back to their homes, and also includes an agreement to remove landmines.

    Thailand’s Defence Minister Natthaphon Narkphanit described the ceasefire as a test for the “other party’s sincerity”.

    “Should the ceasefire fail to materialise or be violated, Thailand retains its legitimate right to self-defence under international law,” he told reporters.

    Thailand had been reluctant to accept the ceasefire, saying the last one was not properly implemented. They also resented what they saw as Cambodia’s efforts to internationalise the conflict.

    Unlike the last ceasefire in July, US President Donald Trump was conspicuously absent from this one, although the US State Department was involved.

    That ceasefire agreement collapsed earlier this month, when fresh clashes erupted.

    Both sides have blamed each other for the breakdown of the truce.

    The Thai army said its troops had responded to Cambodian fire in Thailand’s Si Sa Ket province, in which two Thai soldiers were injured.

    Cambodia’s defence ministry said it was Thai forces that had attacked first, in Preah Vihear province, and insisted that Cambodia did not retaliate.

    Clashes have continued throughout December. On Friday, Thailand carried out more air strikes inside Cambodia.

    The Thai Air Force said it had hit a Cambodian “fortified military position” after civilians had left the area. Cambodia’s defence ministry said the strikes were “indiscriminate attacks” against civilian houses.

    How well the ceasefire holds this time depends to a large extent on political will. Nationalist sentiment has been inflamed in both countries.

    Cambodia, in particular, has lost many soldiers and a lot of its military equipment. It has been driven back from positions it held on the border, and suffered extensive damage from the Thai air strikes, grievances which could make a lasting peace harder to achieve.

    Disagreement over the border dates back more than a century, but tension increased early this year after a group of Cambodian women sang patriotic songs in a disputed temple.

    A Cambodian soldier was killed in a clash in May, and two months later, in July, there were five days of intense fighting along the border, which left dozens of soldiers and civilians dead. Thousands more civilians were displaced.

    Following intervention by Malaysia and President Trump, a fragile ceasefire was negotiated between the two countries, and signed in late October.

    Trump dubbed the agreement the “Kuala Lumpur Peace Accords”. It mandated both sides to withdraw their heavy weapons from the disputed region, and to establish an interim observer team to monitor it.

    However, the agreement was suspended by Thailand in November after Thai soldiers were injured by landmines, with Thai Prime Minister Anutin Charnvirakul announcing that the security threat had “not actually decreased”.



    Source link