Atlassian Confluence Hit by Newly Actively Exploited Zero-Day – Patch Now

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to

Posted from: Click here for the full article.

留言

發佈留言

此網誌的熱門文章

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code Posted from: Click here for the full article .
閱讀更多

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days," Posted from: Click here for the full article .
閱讀更多

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger Posted from: Click here for the full article .
閱讀更多