Ubisoft just spent the tail end of December 2025 in a total defensive crouch. What started as a weird glitch in Tom Clancy’s Rainbow Six Siege turned into a full-blown backend catastrophe that forced the publisher to pull the plug on global servers for over 24 hours.1 This wasn’t a standard “the servers are acting up” situation; this was a fundamental compromise of their internal logic.
The chaos became undeniable on December 27, 2025. Players logging in were greeted with a surreal scene: their accounts were suddenly flush with approximately 2 billion R6 Credits—the game’s premium currency—and virtually every cosmetic item in the game was unlocked. For context, 15,000 credits usually retail for about $100, making the injected value per player essentially infinite.
Beyond the “Christmas come early” vibes, the attackers gained administrative control over the game’s moderation tools. They didn’t stop at credits:
While Ubisoft has been tight-lipped about the exact entry point, security researchers have pointed to a critical vulnerability tracked as CVE-2025-14847, colloquially known as MongoBleed. This exploit allowed threat actors to infiltrate internal databases and Git repositories.
| Vector | Impact |
| CVE-2025-14847 | Deep access to internal source code and database functions. |
| API Vulnerabilities | Broken authentication on endpoints allowed unauthorized administrative calls. |
| Backend Audit | Attackers essentially had the keys to the kingdom, including the ability to gift currency and modify account states. |
The consensus among the technical crowd is that Ubisoft’s backend infrastructure lacked the necessary authorization checks on key API endpoints, allowing the attackers to masquerade as high-level administrators.
Ubisoft’s solution was a scorched-earth policy. They initiated a global rollback of all player data to its state before December 27, 10:49 UTC.
The reality here is pretty grim for a triple-A studio. Managing a live-service game for a decade only to have the entire backend subverted by a known database vulnerability suggests a massive gap in their security-aware culture. It’s a reminder that even the biggest players in the industry are often running on legacy systems held together by duct tape and hope.
The post End of the Year: Ubisoft MongoDB Meltdown appeared first on Game Reviews, News, Videos & More for Every Gamer – PC, PlayStation, Xbox in 2026.
Ubisoft announced that an Assassin’s Creed Shadows update will arrive on November 24, 2025, and it will bring a permanent “A Puzzlement” story drop quest and a temporary Attack on Titan crossover event with optional paid in-store packs. Each involves both Naoe and Yasuke.
In the case of the Attack on Titan event, that will only run until December 22, 2025. It unlocks after Yasuke is available as a playable character. Both Naoe and Yasuke will investigate experiments and a cult with a person named Ada, who they’ll meet northeast of Yamashiro. A katana and objects will be able to be earned for free. The in-store items will let someone dress Naoe up as Mikasa ackerman and Yasuke as a Titan.
The story drop features both an environmental puzzle and new skills. Basically, it will involve each character learning signature sorts of moves from the other.
Here’s the full trailer for the Assassin’s Creed Shadows Attack on Titan crossover event.
It isn’t uncommon for this kind of crossover to appear in an Assassin’s Creed game. The Origins installment involved one with FFXV that led to themed content appearing in both games.
Assassin’s Creed Shadows is available on the PS5, Xbox Series X, and PC, with a Switch 2 version arriving on December 2, 2025, and the Attack on Titan crossover runs between November 25, 2025 and December 22, 2025. Kodansha handles the Attack on Titan manga, and the anime is streaming on services like Crunchyroll.
The post Assassin’s Creed Shadows Gets Attack on Titan Event appeared first on Siliconera.
