{"id":47158,"date":"2022-06-17T18:30:00","date_gmt":"2022-06-17T18:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/atlassian-confluence-server-vulnerability-active-attack-ransomware"},"modified":"2022-06-17T18:30:00","modified_gmt":"2022-06-17T18:30:00","slug":"atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/","title":{"rendered":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A recently disclosed&nbsp;critical remote code execution (RCE) vulnerability in Atlassian&#8217;s Confluence Server collaboration platform is now under active attack, in a spate of attacks bent on&nbsp;deploying a variety of malware, including ransomware.<\/p>\n<p>Researchers from Sophos have observed several attacks over the past two weeks in which&nbsp;attackers used automated exploits against vulnerable Confluence instances running on Windows and Linux servers. In at least two of the Windows-related incidents, adversaries exploited the Atlassian vulnerability to drop Cerber ransomware on the victim networks, the security vendor said in a report Thursday.<\/p>\n<p>Atlassian <a href=\"https:\/\/www.darkreading.com\/cloud\/actively-exploited-atlassian-zero-day-bug-full-system-takeover\" target=\"_blank\" rel=\"noopener\">disclosed the vulnerability<\/a> in Confluence Server (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-26134\" target=\"_blank\" rel=\"noopener\">CVE-2022-26134<\/a>) over Memorial Day weekend, after researchers from Volexity informed the company about the issue, which they discovered while investigating a breach at a customer location.&nbsp;<\/p>\n<p>The bug \u2014 present in all current versions of Atlassian Confluence Server and Confluence Data Center \u2014 basically gives <a href=\"https:\/\/www.volexity.com\/blog\/2022\/06\/02\/zero-day-exploitation-of-atlassian-confluence\/\" target=\"_blank\" rel=\"noopener\">unauthenticated attackers<\/a> a way to drop a remotely accessible in-memory-only Web shell on systems running a vulnerable version of the collaboration software. In the attack that Volexity investigated, the threat actors then used the Web shell access to drop other malware on the compromised system, which, among other things, gave them persistent backdoor access to it.<\/p>\n<p>The bug stirred some concern because it gave attackers a way to access potentially sensitive project, customer, and other data in Confluence environments. At the time the bug was disclosed, Atlassian did not have a patch for it. However, the company <a href=\"https:\/\/www.volexity.com\/blog\/2022\/06\/02\/zero-day-exploitation-of-atlassian-confluence\/\" target=\"_blank\" rel=\"noopener\">released a fix one a day later<\/a>, on June 3.<\/p>\n<h2 class=\"regular-text\">Ongoing Confluence Attacks<\/h2>\n<p>According to Sophos, while the number of vulnerable Confluence servers has been dwindling since then, attacks continue, making it more important than ever to patch. In most of the attacks that the security vendor observed, threat actors appeared to be using the fileless Web shell to try and spread an existing collection of malware tools more widely.&nbsp;<\/p>\n<p>The various payloads that Sophos observed include Mirai bot variants, a cryptominer known as z0miner, and pwnkit, a tool for gaining root access on most Linux distributions. Sophos said it also observed attackers exploiting the Atlassian Confluence vulnerability to drop ASP- and PHP-based Web shells on vulnerable systems, likely as a precursor to dropping other malware on them.<\/p>\n<p>Sophos said it also has observed attackers running PowerShell commands and downloading shell code for deploying the post-compromise Cobalt Strike toolkit on Windows servers running a vulnerable version of Confluence. In two incidents, a threat actor tried to deploy Cerber ransomware via the Confluence exploit using an encoded PowerShell command to download and execute the malware. In both incidents, the attackers suggested they had also stolen data from the victims for use as additional leverage for extracting a ransom payment.&nbsp;<\/p>\n<p>However, there was no evidence that the threat actors had actually exfiltrated any data, Sophos said.<\/p>\n<h2 class=\"regular-text\">Double-Extortion Threats<\/h2>\n<p>Double-extortion ransomware attacks like the Cerber incidents have become increasingly common since the Maze ransomware group started the trend back in early 2020. With these attacks, threat actors not only encrypt data, but they also threaten to publicly release the data if their ransom demands are not met. <\/p>\n<p>A recent study of the practice&nbsp;by Rapid7 showed that threat actors trying to coerce victims into paying a ransom <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2022\/06\/16\/new-report-shows-what-data-is-most-at-risk-to-and-prized-by-ransomware-attackers\/\" target=\"_blank\" rel=\"noopener\">most frequently leaked<\/a> a company\u2019s financial data (63%) first, followed by customer data (48%). However, Rapid7 found variances by industry in the types of data that attackers tend to leak initially.&nbsp;<\/p>\n<p>For instance, with financial services victims, attackers generally tended to leak customer data first (83% of the time), instead of the victim&#8217;s internal financial data. However, when it came to organizations in the healthcare and pharmaceutical sectors, ransomware actors leaked the victim&#8217;s financial data 71% of the time, which was more substantially more frequent than incidents involving leaks of customer data.<\/p>\n<p>Rapid7 also discovered differences among ransomware actors when it comes to the type of data they leaked. For instance, 81% of the incidents involving Conti ransomware featured publicly leaked financial data. The Cl0p group, on the other hand, disclosed employee information (70%) more than any other type of information.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/atlassian-confluence-server-vulnerability-active-attack-ransomware\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most of the attacks involve the use of automated exploits, security vendor says.Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/atlassian-confluence-server-vulnerability-active-attack-ransomware\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-47158","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-17T18:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware\",\"datePublished\":\"2022-06-17T18:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/\"},\"wordCount\":693,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte76dff350a8a2738\\\/62acba62dece46707ae952e2\\\/atlassian_Michael_Vi_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/\",\"name\":\"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte76dff350a8a2738\\\/62acba62dece46707ae952e2\\\/atlassian_Michael_Vi_shutterstock.jpg\",\"datePublished\":\"2022-06-17T18:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte76dff350a8a2738\\\/62acba62dece46707ae952e2\\\/atlassian_Michael_Vi_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte76dff350a8a2738\\\/62acba62dece46707ae952e2\\\/atlassian_Michael_Vi_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/","og_locale":"en_US","og_type":"article","og_title":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-06-17T18:30:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware","datePublished":"2022-06-17T18:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/"},"wordCount":693,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/","url":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/","name":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg","datePublished":"2022-06-17T18:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte76dff350a8a2738\/62acba62dece46707ae952e2\/atlassian_Michael_Vi_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/atlassian-confluence-server-bug-under-active-attack-to-distribute-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47158"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47158\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}