Bleeping Computer

Critical Atlassian Confluence zero-day actively used in attacks

Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a ...
Bleeping Computer

Atlassian: Confluence hardcoded password was leaked, patch now!

Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and ...
SiliconRepublic

Atlassian issues security alert to users of its Confluence software

Confluence Server and Data Center have been targeted by a cyberattack that exploits a flaw that allows attackers to execute code remotely. Atlassian has issued a critical security warning to users of ...
Threat Post

Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario. Threat actors are using public exploits to pummel a critical zero ...
Ars Technica

Critical vulnerability in Atlassian Confluence server is under “mass exploitation”

A critical vulnerability in Atlassian’s Confluence enterprise server app that allows for malicious commands and resets servers is under active exploitation by threat actors in attacks that install ...