Trend Micro observed a new attack vector of weaponization for the vulnerability CVE-2023-22527 using the Godzilla backdoor. Following initial exploitation, a loader was loaded into the Atlassian victim server which loads a Godzilla webshell.
On January 16, 2024, Atlassian released a security advisory for CVE-2023-22527, a vulnerability that affects Confluence Data Center and Confluence Server products. In response to this, Trend Micro released its own technical analysis and coverage of the vulnerability, which has also been associated with crypto-mining activities. The vulnerability is marked critical with a Common Vulnerability Scoring System (CVSS) score of 10.
Read more…
Source: Trend Micro
Related:
- Trellix confirms data breach after hack of ‘a portion’ of its source code
May 5, 2026
Cybersecurity giant Trellix has confirmed suffering a cyberattack in which threat actors accessed parts of its source code. In a brief announcement published on its website, Trellix said it had identified “unauthorized access to a portion of source code repository”. As soon as it spotted the intrusion, the company brought in third-party security experts to ...
- Quasar Linux (QLNX) – Inside a Full-Featured Linux RAT
May 4, 2026
In previous research, Trend Micro have demonstrated how AI can be used to improve detection accuracy when new malware families emerge, particularly those that reuse or share code from open-source repositories. In this blog entry, Trends Micro researchers present another compelling finding from the same approach. Trend Micro platform recently flagged an unusual Linux implant with ...
- Thousands of Facebook accounts stolen by phishing emails sent through Google
May 4, 2026
Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The attackers found a way to send phishing emails that come “through Google,” making them look legitimate ...
- Employees are now more dangerous to their company than external hackers
May 4, 2026
New data from Orange Cyberdefense has suggested the biggest risks companies face could now be coming from inside, with internal threats rising from 47% to 57% in the space of less than a year. For the first time ever, internal threats have become more common that external ones, with hacking remaining pretty steady at 31% of ...
- Hackers crawled Canadian streets with SMS blasters causing 13 million network disruptions
May 1, 2026
Authorities in Canada have disclosed details of a mobile cyber operation that relied on SMS blasters mounted inside vehicles moving through urban areas. Three suspects drove around downtown Toronto with these hidden devices running in their cars, impersonating cell towers. The Toronto Police Service confirmed that this marked the first operation of its kind ever recorded ...
- Pro-Iran crew turns DDoS into shakedown as Ubuntu com stays down
May 1, 2026
Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. “I can confirm that Canonical’s web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack” a Canonical spokesperson told The Register. “Our teams are working to restore full availability to all ...