Last week, Atlassian patched an unauthenticated remote code execution vulnerability in its Confluence Server and Data Center products. Confluence is a "Wiki" like product used by software development teams to document and organize the software development process. I would expect that most Atlassian customers use the cloud-hosted version of the software managed by Atlassian. But if you are running your own Atlassian server, you had to patch this yourself. Sadly, the vulnerability was discovered after it had already been exploited. The vulnerability was originally discovered by Volexity during incident response [2]. Once the details became known, creating new exploits was made easier due to similar vulnerabilities affecting Atlassian products in the past.