TechLetters ☕️ Attack shuts down China’s TikTok-scale platform. MongoDB memory leak PoC. US sanctions ex-EU digital chief wuuut.
Happy New Year!
Security
Unusual cyberattack on Kuaishou, one of China’s largest short-video platforms with over 400 million daily users (comparable to TikTok). Overwhelmed the service. The attack exploited vulnerabilities in livestream API interfaces, bypassing both real-name authentication and content review systems. Attackers deployed 17,000 compromised accounts, some of them real-name accounts that had apparently been hijacked, to broadcast p0rn and violent content. Some streams hide malicious links with malware capable to steal users’ WeChat accounts for fraud schemes. Coordinated campaign forced a complete shutdown of livestreaming functions, resulting in HK$16.4 billion (€1.9 billion) loss from the company’s market value in a single trading session. https://finance.sina.com.cn/tob/2025-12-23/doc-inhcucqk8404330.shtml
A proof-of-concept exploit for the MongoDB zlib decompression vulnerability that allows unauthenticated attackers to leak sensitive server memory. https://github.com/joe-desimone/mongobleed
Privacy
Cross-Site ETag Length Leak https://blog.arkark.dev/2025/12/26/etag-length-leak
Technology Policy
The US imposed visa sanctions on @ThierryBreton, former internal market European Commissioner responsible for the Digital Services Act. This is the first case of US sanctions against a (former) high-ranking EU official. In August 2024, Breton sent Elon Musk a letter ‘reminding of X’s responsibilities’. The US viewed this as unacceptable interference. Breton and four others are accused of censorship, organizing pressure on American platforms to censor specific content. Besides Breton, sanctions targeted heads of organizations dealing with disinformation: Imran Ahmed (Center for Countering Digital Hate), Clare Melford (Global Disinformation Index), and leaders of Germany’s HateAid. France’s Foreign Ministry strongly condemned the decision. Breton compared it to McCarthy-era witch hunts. The NGOs called the US actions an authoritarian attack on free speech and a challenge to European sovereignty. Rubio announced the possibility of additional sanctions. In overall, visa sanctions are a rather symbolic move.
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: