A critical vulnerability in Atlassian’s Confluence enterprise server app that allows for malicious commands and reset servers is under active exploitation by threat actors in attacks that install ransomware, researchers said.
“Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a risk of significant data loss,” Glenn Thorpe, senior director of security research and detection engineering at security firm GreyNoise, wrote on Mastodon on Sunday. “So far, the attacking IPs all include Ukraine in their target.”
He pointed to a page showing that between 12 am and 8 am on Sunday UTC
→ Continue reading at Ars Technica