Update now: Atlassian discloses critical vulnerability in Confluence Server August 28, 2019 https://siliconangle.com/2019/08/28...ses-critical-vulnerability-confluence-server/
Atlassian warns of critical Confluence flaw. 9.8-rated bug allows arbitrary code execution – possibly without authentication. August 26, 2021 https://www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/
This cryptocurrency miner is exploiting the new Confluence remote code execution bug. It didn't take long for CVE-2021-26084 to be added to exploit kits. September 22, 2021 https://www.zdnet.com/article/this-...the-new-confluence-remote-code-execution-bug/
Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns September 28, 2021 https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html
New Atom Silo ransomware targets vulnerable Confluence servers October 4, 2021 https://www.bleepingcomputer.com/ne...omware-targets-vulnerable-confluence-servers/
SophosLabs: Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
Hardcoded password in Confluence app has been leaked on Twitter. Advisory had already warned hardcoded password was "trivial to obtain." July 22, 2022
To make it even more brilliant, they seem to not even own the email they hard-coded in. https://twitter.com/fluepke/status/1550471087560982531
The email is mentioned here: https://confluence.atlassian.com/do...-security-advisory-2022-07-20-1142446709.html
Source (German blog): https://blog.fefe.de/