Security News > 2023 > October > CISA, FBI urge admins to patch Atlassian Confluence immediately
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.
One week after CISA added the bug to its list of known exploited vulnerabilities, Microsoft revealed that a Chinese-backed threat group tracked as Storm-0062 has been exploiting the flaw as a zero-day since at least September 14, 2023.
Last year, CISA ordered federal agencies to address another critical Confluence vulnerability exploited in the wild.
Microsoft: State hackers exploiting Confluence zero-day since September.
Atlassian patches critical Confluence zero-day exploited in attacks.