Proof-of-concept (PoC) exploit code for a critical vulnerability in Atlassian’s Confluence Data Center and Server technology has become publicly available. ShadowServer reported 36 unique IP addresses attempting to exploit the vulnerability over 24 hours. The bug allows attackers to access privileged functionality and data, and to delete or block data on a Confluence instance. Despite the vulnerability becoming public, there are reportedly no active exploits yet. Atlassian recommends taking immediate action to protect and patch the system.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.