Ransomware hackers have seized on an exploit of a recently disclosed zero-day vulnerability in Atlassian Confluence instances days after the company urged its customers to patch immediately.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

Security companies Rapid7 and GreyNoise said they began detecting on Sunday a surge in hacks exploiting a bug Atlassian described as an improper authorization vulnerability (see: Atlassian Urges Patching Against Data Loss Vulnerability).

The Australian content collaboration and management workspace developer on Monday elevated the bug’s criticality to 10, the maximum possible on the CVSS scale.

Researchers initially described the danger from the flaw, tracked as CVE-2023-22518, as data destruction. Multiple cybersecurity firms said hackers are using it to deploy Cerber ransomware.

Security volunteers from The DFIR Report said a group using the name “C3RB3R” in the ransom note had exploited the Atlassian bug.

Cerber was among the top three ransomware variants of 2021, along with Ryuk and SamSam, according to Proofpoint. The company counted 52.5 million Cerber attacks that year, second only to Ryuk’s 93.9 million. Whether those attacks came…