Merry Christmas Day! Have a MongoDB security incident.

ID: 4a797aa8-723d-5408-aebd-2fea2d2611f4

STIX ID: report--4a797aa8-723d-5408-aebd-2fea2d2611f4

Feed Name: DoublePulsar

Threat Score: 85/100

Date Published: 2025-12-26

Date Updated: 2026-04-19

Author: Kevin Beaumont

A public proof-of-concept exploit called "MongoBleed" targets CVE-2025-14847 in MongoDB, enabling unauthenticated memory reads that can expose plaintext database passwords and cloud secrets. The vulnerability affects many versions going back roughly a decade, and an estimated 200k internet-facing instances exist. The exploit has been validated and published; immediate patching of internet-facing assets is recommended.
