LangChain, MongoDB Bugs Lead as AWS Expands AI QA Tools

Coverage: 26 Dec 2025 – 28 Dec 2025 (UTC)

Defensive updates and urgent advisories set the tone today. AWS broadened language coverage for automated contact-center quality evaluations, while researchers detailed critical flaws affecting LangChain orchestration and MongoDB servers, including one under active exploitation. Incidents ranged from a compromised browser wallet extension to large-scale in‑game currency abuse and a claimed subscriber data leak, underscoring the need for prompt patching and methodical incident response.

AI operations: Multilingual QA at scale

Amazon Connect added automated agent performance evaluations in Portuguese, French, Italian, German, and Spanish using generative AI. Managers can define custom criteria in natural language and receive scored assessments with written justifications, including cross‑language evaluation that produces standardized English output from non‑English interactions. The capability is available in eight regions (US East N. Virginia; US West Oregon; Europe Frankfurt and London; Canada Central; Asia Pacific Sydney, Tokyo, and Singapore) and integrates with Contact Lens workflows. Organizations can reduce manual QA effort and improve comparability across geographies, while accounting for data residency, privacy, compliance, and validation of model outputs.

Urgent fixes: LangChain and MongoDB

A critical serialization injection in LangChain Core allows crafted input to be interpreted as legitimate objects during deserialization, risking secret exposure and code execution. The Hacker News reports CVE‑2025‑68664 (CVSS 9.3) stems from unescaped dictionaries with internal 'lc' markers in dumps()/dumpd(), with LLM outputs a likely attack vector via fields such as additional_kwargs or response_metadata. Patches introduce an allowed_objects allowlist for load()/loads(), block Jinja2 templates by default, and switch secrets_from_env to false; fixes land in langchain-core 1.2.5 (and 0.3.81 for older lines), with a related LangChain.js issue (CVE‑2025‑68665). Recommended actions include upgrading immediately, treating LLM output as untrusted, tightening deserialization allowlists/namespaces, disabling automatic env‑secret loading, and sanitizing user‑controllable metadata.
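One way to act on the "sanitize user-controllable metadata" advice is to scan message metadata for marker-bearing dictionaries before it is serialized. This is an added example, not LangChain code or part of the advisory; it assumes the marker is a dictionary key named `lc`, and the sample messages are constructed.

```python
"""Added example: flag 'lc'-marked dictionaries in untrusted message metadata."""
from typing import Any, Iterator

# Assumption: a dict that carries this key is treated as a serialized object.
MARKER_KEY = "lc"
# Fields the brief names as likely carriers of LLM-controlled content.
UNTRUSTED_FIELDS = ("additional_kwargs", "response_metadata")


def find_markers(value: Any, path: str) -> Iterator[str]:
    """Yield the path of every nested dict that carries the marker key."""
    if isinstance(value, dict):
        if MARKER_KEY in value:
            yield path
        for key, child in value.items():
            yield from find_markers(child, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            yield from find_markers(child, f"{path}[{index}]")


def audit_message(message: dict) -> list[str]:
    """Return marker paths found inside the untrusted fields of one message."""
    hits: list[str] = []
    for field in UNTRUSTED_FIELDS:
        hits.extend(find_markers(message.get(field, {}), field))
    return hits


# Constructed samples (not real traffic); the marked dicts are inert placeholders.
BENIGN = {
    "content": "hello",
    "additional_kwargs": {"tool_calls": [{"name": "search"}]},
    "response_metadata": {"model": "example-model", "usage": {"tokens": 12}},
}
SUSPECT = {
    "content": "hello",
    "additional_kwargs": {"note": {"lc": 1, "type": "constructed-sample"}},
    "response_metadata": {"items": [{"ok": True}, {"lc": 1}]},
}

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, audit_message(msg))
```

A non-empty result is a reason to reject or quarantine the message before it reaches dumps()/dumpd(); it complements the upgrade and does not replace it.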

A memory disclosure dubbed MongoBleed is being exploited to extract sensitive data from exposed MongoDB servers before authentication. BleepingComputer details CVE‑2025‑14847, where zlib‑compressed network messages can cause the server to return the allocated memory length, leaking adjacent heap data. Researchers observed a public proof‑of‑concept, and scanning found tens of thousands of potentially vulnerable instances. MongoDB released fixes (8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30) and noted that MongoDB Atlas customers were patched automatically; a mitigation is to disable zlib and use zstd or Snappy. Detection tips include monitoring for anomalous connections with no metadata and using available log‑scanning tools. Given the pre‑authentication memory exposure, organizations should prioritize patching, audit access, and rotate credentials.
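The fixed releases and the zlib mitigation above can be turned into a triage pass over a server inventory. This is an added example, not code from MongoDB or the cited report; the host names and inventory rows are constructed, and the compressor string is assumed to be the value of the `net.compression.compressors` setting.

```python
"""Added example: rank MongoDB hosts by patch level and zlib exposure."""

# Fixed release per release line, exactly as listed in the brief.
FIXED = {(8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28),
         (6, 0): (6, 0, 27), (5, 0): (5, 0, 32), (4, 4): (4, 4, 30)}


def parse_version(text):
    """Parse 'X.Y.Z' into a tuple; suffixed builds such as '-rc0' are rejected."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version, compressors):
    """Return (status, zlib_enabled) for one server."""
    enabled = {c.strip().lower() for c in compressors.split(",") if c.strip()}
    zlib_on = "zlib" in enabled
    try:
        v = parse_version(version)
    except ValueError:
        return "review", zlib_on      # unparseable or pre-release build
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "review", zlib_on      # release line not in the list above
    return ("patched" if v >= fixed else "vulnerable"), zlib_on


def prioritise(inventory):
    """Return the hosts that need action, most urgent first."""
    rank = {("vulnerable", True): 0, ("vulnerable", False): 1,
            ("review", True): 2, ("review", False): 3}
    rows = [(rank[t], host) for host, ver, comp in inventory
            if (t := triage(ver, comp)) in rank]
    return [host for _, host in sorted(rows)]


# Constructed inventory: (host, server version, configured compressors).
INVENTORY = [
    ("db-a", "7.0.28", "snappy,zstd,zlib"),   # at the fixed release
    ("db-b", "6.0.12", "snappy,zstd"),        # unpatched, zlib already off
    ("db-c", "8.0.4", "zlib"),                # unpatched, zlib on
    ("db-d", "4.2.24", "snappy, zlib"),       # line not covered by the list
]

if __name__ == "__main__":
    print(prioritise(INVENTORY))
```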

Active intrusions: wallets and games

Trust Wallet urged immediate updates to its Chrome extension after version 2.68 contained malicious code that exfiltrated plaintext mnemonics, leading to about $7 million in stolen cryptocurrency. The Hacker News reports the injected logic iterated through stored wallets, requested seed phrases during unlock, and sent secrets to api.metrics‑trustwallet[.]com via analytics redirection using posthog‑js. The affected listing served roughly one million users; a patched 2.69 is available, with mobile apps and other extension variants unaffected. Reported flows show funds moved through exchanges and cross‑chain services. Victims are advised to move assets to new wallets with fresh seeds, treat exposed recovery phrases as permanently compromised, and seek support only through official channels.

Separately, attackers manipulated internal Rainbow Six Siege systems to ban/unban players, inject fake ban tickers, unlock all cosmetics, and grant roughly 2 billion R6 Credits and Renown globally. BleepingComputer notes Ubisoft confirmed the incident, took the game and Marketplace offline, and plans to roll back all transactions since 11:00 UTC; players will not be punished for spending the credits. While online allegations suggest broader compromise, only the in‑game abuses are confirmed at this time. The episode highlights the operational impact when administrative controls are misused.

Espionage and data exposure

A threat actor posted what they claim is a WIRED subscriber database of 2,366,576 records, and independent checks matched multiple entries as legitimate. BleepingComputer reports the dataset contains mostly emails (2,366,574 unique), with optional PII: ~12.01% names, 8.21% addresses, 2.84% birthdays, 1.37% phone numbers; a very small portion holds more complete profiles. The actor also threatened additional releases tied to other Condé Nast brands. Condé Nast has not publicly confirmed a breach. Individuals should change reused passwords, enable MFA, and watch for targeted phishing; organizations should investigate access logs and accelerate disclosure if warranted.

Kaspersky tracked a long‑running, targeted espionage campaign by a China‑linked cluster known as Evasive Panda, using adversary‑in‑the‑middle and DNS poisoning to deliver tailored loaders and the MgBot implant. The Hacker News summarizes selective redirection of victims in Türkiye, China, and India via manipulated DNS responses, multi‑stage payloads delivered as encrypted PNGs, and per‑victim encryption using DPAPI and RC5, with final injection into svchost.exe. MgBot supports modular collection, keylogging, clipboard/audio capture, and browser credential theft. The operation illustrates refined use of DNS poisoning and selective delivery to sustain stealthy access.