22.Lock ScreenEffect

Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs.

Successful exploitation of this flaw (tracked as CVE-2021-26084) allows unauthenticated attackers to create new admin accounts, execute commands, and ultimately take over the server remotely to backdoor Internet-exposed servers.

After proof-of-concept (PoC) exploits were published online, cybersecurity firm GreyNoise said it detected an almost ten-fold increase in active exploitation, from 23 IP addresses attempting to exploit it to more than 200.