Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a […]

Continue Reading

Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers. About CVE-2022-26138 […]

Continue Reading

Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day

A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […]

Continue Reading

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134, affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online, Bleeping Computer reported that starting from […]

Continue Reading

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […]

Continue Reading

Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)

A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. There is currently no fix available – though they are expected to be released today (Friday) – and users of the popular enterprise collaboration solution are advised to either temporarily restrict access […]

Continue Reading

The 15 most exploited vulnerabilities in 2021

In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency. Most exploited vulnerabilities, new and old Compiled by cybersecurity authorities from the Five Eyes intelligence alliance, the list of top 15 CVEs routinely […]

Continue Reading