📖 4 min read

Happy New Year. While you were offline, CISA added a deadline to your January calendar, deepfakes hit 85% of organizations, and ServiceNow wrote a $7.75 billion check.

The thread: your defaults failed. MongoDB's zlib compression ships enabled — 87,000 servers are leaking memory. Voice verification was good enough — until 85% of organizations got hit by deepfakes. Best-of-breed was the smart answer — until integration costs made it technical debt. Three stories, one question: what else are you trusting by default?

CISA added CVE-2025-14847 to its Known Exploited Vulnerabilities catalog December 29. Federal agencies must patch by January 19. So should you.

MongoBleed lets unauthenticated attackers extract credentials, API keys, and PII remotely. No login required. The flaw: zlib message decompression, enabled by default. A working exploit has been public since December 26. Wiz found 42% of cloud environments have at least one vulnerable instance. Source: BleepingComputer

🔐 CISO Take: Actively exploited. Patch to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30. Can't patch now? Disable zlib compression today.

⚙️ CTO Take: Check IaC templates. If they deploy MongoDB without specifying compression settings, you're deploying vulnerable by default.

💻 CIO Take: MongoDB runs in analytics, CMS, microservices. Ask your teams where it's running that you don't know about.

IRONSCALES surveyed 500 security professionals: 85% experienced at least one deepfake incident in the past 12 months. Over 40% got hit three or more times. Among those that lost money, 61% exceeded $100,000.

Attackers now generate convincing video and audio during live calls — adaptive deception that responds in real time. Voice phishing using AI-generated voices increased 442% in late 2024. Gartner predicts by 2026, 30% of enterprises won't trust standalone identity verification. Source: IRONSCALES

🔐 CISO Take: Training didn't work. Require out-of-band confirmation for financial authorizations — callback to a known number, not the number on the call.

💻 CIO Take: Audit every workflow where voice or video substitutes for written authorization. If a Teams call can approve a wire transfer, that's a vulnerability.

⚙️ CTO Take: Biometrics without liveness detection and device attestation are compromised. Update your authentication stack.

📡 Network signal: Deepfake mentions appeared in network submissions for the first time in Q4 — a dozen leaders flagging it where there were zero before.

ServiceNow's largest acquisition: $7.75 billion cash for Armis, which owns asset visibility across IT, OT, and IoT. This follows December's Veza and Moveworks deals. Closes second half 2026. Source: GovConWire

💻 CIO Take: More than five security vendors doing overlapping jobs? You're paying integration tax. Start the consolidation conversation before your CFO does.

🔐 CISO Take: Platform plays trade flexibility for coverage. Map your capabilities against ServiceNow's roadmap. Know what gaps remain.

📡 Network signal: Vendor replacement mentions doubled year-over-year. Leaders aren't browsing — they're buying.

Find your MongoDB instances. Run db.serverStatus() on each. Unpatched? Escalate today. Time: 20 minutes.

Test your help desk. Call and request a password reset using only public LinkedIn info. If it works, you're deepfake-exploitable. Time: 15 minutes.

Count your security vendors. More than five with overlapping capabilities? That's Q1's consolidation list. Time: 10 minutes.

Deepfakes went from theoretical to operational in Q4.

One CIO framed the decision ahead:

That cost calculation just got easier. Ask Aflac.

What's your top 2026 priority? Reply — I'm building the first "State of IT Priorities" report from network data.

The quotes above come from IT leaders in the DoGood network — 5,000+ CIOs, CISOs, and CTOs sharing what they're actually working on.

You control your calendar. Every meeting is opt-in, pre-screened, and paid.

Apply to Join →