December 9, 2023

The Jenkins Project disclosed a security breach after threat actors compromised one of their internal servers and installed a cryptocurrency miner. Maintained by Jenkins community it’s a powerful open source automation tool

The attackers breached a deprecated Confluence service used by the organization exploiting the Confluence CVE-2021-26084 vulnerability. In response to the incident, the Jenkins team took the affected server offline and launched an investigation into the security incident.

The maintainers of the project are not aware of any compromise for Jenkins releases, plugins, or source code have been affected.

Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Its only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.

Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023
%d