AnonymousMedia.org

Category: Uncategorized

  • Thailand accuses Cambodia of breaking newly signed ceasefire

    Thailand accuses Cambodia of breaking newly signed ceasefire


    Getty Images Cambodian military police officers stand guard Getty Images

    The Thai army said than more than 250 unmanned aerial vehicles (UAVs) were detected flying from the Cambodian side

    Thailand’s army has accused Cambodia of breaching a newly-signed ceasefire deal reached after weeks of deadly clashes that forced nearly one million people from their homes.

    In a statement, the Thai army said than more than 250 unmanned aerial vehicles (UAVs) were detected flying from the Cambodian side on Sunday night.

    The ceasefire took effect at noon local time (05:00 GMT) on Saturday. Both sides agreed to freeze the front lines where they are now, ban reinforcements and allow civilians living in border areas to return as soon as possible.

    It had been seen as a breakthrough, which came after days of talks between both countries, with diplomatic encouragement from China and the US.

    In a statement on Monday, the Royal Thai Army said Cambodia’s actions “constitute provocation and a violation of measures aimed at reducing tensions”, adding that they were “inconsistent” with the terms of the ceasefire.

    It also said it “may need to reconsider” the release of 18 Cambodian soldiers held in Thailand since July.

    Thailand would be “obliged to act in accordance… [if] violations of agreements and national sovereignty continue”, it added.

    Cambodia has not yet commented.

    It comes just hours after China’s Foreign Minister Wang Yi praised the “hard-won” ceasefire, and US President Donald Trump praised the “rapid and fair conclusion”.

    The dispute between Thailand and Cambodia is not new, dating back more than a century.

    The latest tensions ramped up earlier this year, after a group of Cambodian women sang patriotic songs in a disputed temple.

    A Cambodian soldier was killed in a clash in May. This plunged relations between the countries to their lowest point in more than a decade.

    There were five days of intense fighting along the border, which left dozens of soldiers and civilians dead. Thousands more civilians were displaced.

    A fragile ceasefire deal was agreed in July and signed in October. It then collapsed earlier this month, when fresh clashes erupted.

    Both sides blamed each other for the breakdown of the truce.



    Source link

  • MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

    MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide


    Dec 29, 2026Ravie LakshmananDatabase Security / Vulnerability

    A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.

    The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed.

    “A flaw in zlib compression allows attackers to trigger information leakage,” OX Security said. “By sending malformed network packets, an attacker can extract fragments of private data.”

    Cybersecurity

    The problem is rooted in MongoDB Server’s zlib message decompression implementation (“message_compressor_zlib.cpp”). It affects instances with zlib compression enabled, which is the default configuration. Successful exploitation of the shortcoming could allow an attacker to extract sensitive information from MongoDB servers, including user information, passwords, and API keys.

    “Although the attacker might need to send a large amount of requests to gather the full database, and some data might be meaningless, the more time an attacker has, the more information could be gathered,” OX Security added.

    Cloud security company Wiz said CVE-2025-14847 stems from a flaw in the zlib-based network message decompression logic, enabling an unauthenticated attacker to send malformed, compressed network packets to trigger the vulnerability and access uninitialized heap memory without valid credentials or user interaction.

    “The affected logic returned the allocated buffer size (output.length()) instead of the actual decompressed data length, allowing undersized or malformed payloads to expose adjacent heap memory,” security researchers Merav Bar and Amitai Cohen said. “Because the vulnerability is reachable prior to authentication and does not require user interaction, Internet-exposed MongoDB servers are particularly at risk.”

    Data from attack surface management company Censys shows that there are more than 87,000 potentially vulnerable instances, with a majority of them located in the U.S., China, Germany, India, and France. Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847. This includes both internet-exposed and internal resources.

    Cybersecurity

    The exact details surrounding the nature of attacks exploiting the flaw are presently unknown. Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Patches for MongoDB Atlas have been applied. It’s worth noting that the vulnerability also affects the Ubuntu rsync package, as it uses zlib.

    As temporary workarounds, it’s recommended to disable zlib compression on the MongoDB Server by starting mongod or mongos with a networkMessageCompressors or a net.compression.compressors option that explicitly omits zlib. Other mitigations include restricting network exposure of MongoDB servers and monitoring MongoDB logs for anomalous pre-authentication connections.



    Source link

  • Trump says progress made in Ukraine talks but ‘thorny issues’ remain

    Trump says progress made in Ukraine talks but ‘thorny issues’ remain


    Donald Trump and Volodymyr Zelensky said progress had been made to end the Ukraine war during Florida talks but the US leader added “one or two very thorny issues” remained.

    While both the US and Ukrainian presidents described the talks as “great”, Trump reiterated that a key sticking point was the question of territory. Russia has previously demanded that Ukraine hand over more land.

    Addressing reporters at Mar-a-Lago, Zelensky said they had come to an agreement on “90%” of a 20-point peace plan, while Trump said a security guarantee for Ukraine was “close to 95%” done.

    Zelensky later said US and Ukrainian teams would meet next week for further talks on issues aimed at ending Russia’s nearly four-year war in Ukraine.

    “We had a substantive conversation on all issues and highly value the progress that the Ukrainian and American teams have made over the past weeks,” Zelensky said in a statement on the Telegram messaging app.

    Russia launched a full-scale invasion of Ukraine in February 2022, and Moscow currently controls about 20% of Ukrainian territory.

    A proposal to turn the Donbas region in eastern Ukraine, which Russia largely controls, into a demilitarised zone remains “unresolved”, Trump said.

    “Some of that land has been taken,” he told reporters after the meeting. “Some of that land is maybe up for grabs, but it may be taken over the next period of a number of months.”

    Moscow currently controls about 75% of the Donetsk region, and some 99% of the neighbouring Luhansk. The regions are collectively known as Donbas.

    Russia wants Ukraine to pull back from the small part of the territory it still controls in Donbas, while Kyiv has insisted the area could become a free economic zone policed by Ukrainian forces.

    The US president has repeatedly changed his own position on Ukraine’s lost territories, and in September stunned observers by suggesting that Ukraine might be able to take it back. He later reversed course.

    “[That] is a very tough issue,” he said. “One that will get resolved.”

    Security guarantees for Ukraine are “95% done”, Trump said, without formally committing to logistical support or troop deployment to help protect Ukraine from future attacks.

    Trump floated the possibility of trilateral talks between the US, Russia, and Ukraine, saying it could happen “at the right time”.

    While the US president is keen to add the Ukraine-Russia war to the list of conflicts he claims to have ended, he cautioned that stalled or scrapped talks that go “really badly” could mean that the war continues.

    Earlier Trump had a phone call with Russian President Vladimir Putin. While the US president did not offer many details of the phone call, he said he believed the Russian leader “wants Ukraine to succeed”.

    At the same time, Trump acknowledged that Moscow had little interest in a ceasefire that would allow Ukraine to hold a referendum.

    “I understand that position,” he added.

    Russian foreign policy adviser Yuri Ushakov said the call was initiated by Trump and that he and Putin discussed the latest EU and Ukraine proposals to end the war.

    Ushakov, Russia’s former US ambassador, said Trump listened to the Kremlin’s assessment of the proposals and the two presidents left the call united in their belief that a temporary ceasefire proposed by the EU and Ukraine would instead prolong the conflict.

    Zelensky suggested the Ukrainian officials could meet at the White House in January, potentially alongside European leaders, as the US and Ukrainian delegations finalise plans for further talks.

    In a post-meeting call with European allies, European Commission President Ursula von der Leyen hailed “good progress” in the Florida talks while reinforcing the need for Ukraine to receive “ironclad security guarantees from day one”.

    French President Emmanuel Macron also said Kyiv’s allies would meet in Paris next month to discuss security guarantees.

    “We will bring together the countries of the Coalition of the Willing in Paris in early January to finalise each one’s concrete contributions,” Macron said on X after speaking with Zelensky and Trump.



    Source link