This article details the MongoBleed vulnerability (CVE-2025-14847) in MongoDB, which allows attackers to extract sensitive data from server memory without authentication. It outlines a detection method using Velociraptor to identify exploitation attempts by analyzing connection patterns in MongoDB logs.

The DetectRaptor repository provides a collection of Velociraptor detection artifacts for easy public access and use. Users can import the VQL zip file into Velociraptor through the artifact exchange feature, which includes various detection methods for Windows, Linux, and macOS systems. Current artifacts cover a range of detection scenarios, including malware and system behavior analysis.