Shawn Smith, director of infrastructure at nVisium, told ZDNet that the Atlassian Confluence vulnerability is “definitely still being exploited.”

“If we look at the list of versions that are vulnerable, it includes nearly every version — all the way back to the 4.x.x line, which was originally released in 2011. Looking at the early details, we know that nearly 15,000 servers were present online before the vulnerability disclosure — and eight days later that number had dropped by less than 4,000,” Smith said.

“Now, we’re only an additional five days beyond that and it’s unlikely that a significant number of servers were patched, especially considering it was a holiday weekend in the United States.”

Read the entire article here!