Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability


Microsoft has linked the exploitation of a recently reported critical issue in Atlassian Confluence Data Center and Server to Storm-0062 (aka DarkShadow or Oro0lxy), a nation-state actor.

“CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server,” the company said in a series of tweets.x000D CVE-2023-22515 allows any device with a network connection to a susceptible application to establish a Confluence administrator account within the program.

Read More…