Atlassian: Unpatched critical flaw under attack right now to hijack Confluence - and it's been there since 2013 - The Register

CISA's suggested action is to take the thing offline until it can be fixed, Atlassian has added a possible defence

Updated Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated r… [+4043 chars]

full article...