Hacker offer zero-day RCE exploit of Atlassian Jira for Sale

A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence.  According to the offer, It does not require any login credentials and can also work with Okta Single Sign-On (SSO), making it more impactful.

DailyDarkweb reported the details of the Offer:

• International

Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially

By infosecbulletin / Friday , March 7 2025

SEC Consult researchers found a major vulnerability in CrowdStrike's Falcon Sensor, enabling attackers to evade detection and run malicious applications....

Read More

• Alert
• Vulnerabilities

CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks

By infosecbulletin / Thursday , March 6 2025

As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...

Read More

• Uncategorized

Register Now
AI Engineering Hackathon: Registration Open

By infosecbulletin / Wednesday , March 5 2025

On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...

Read More

• Uncategorized

Cisco alerts about a Webex flaw that exposes credentials

By infosecbulletin / Wednesday , March 5 2025

Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....

Read More

• Uncategorized

NVIDIA Issues Warning of Multiple Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025

NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw...

Read More

• Alert

Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025

Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among...

Read More

• Alert
• Vulnerabilities

Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

By infosecbulletin / Tuesday , March 4 2025

Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226...

Read More

• International

Singapore issues new guidelines for data center and cloud services

By infosecbulletin / Tuesday , March 4 2025

The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of disruptions to cloud services and...

Read More

• Alert

Update Alert!
Google Warns of Critical Android Vulns Under Attack

By infosecbulletin / Tuesday , March 4 2025

Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect...

Read More

• Alert
• Vulnerabilities

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025

CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...

Read More

Exploit Type: Zero-day Remote Code Execution (RCE)
Target: Atlassian Jira (latest desktop version and integrated with Confluence)
Login Requirement: None
SSO Compatibility: Okta SSO
Price: 800,000 XMR (Monero)

If the claim to be true, this exploit is a major security threat due to the widespread use of Jira and Confluence in corporate environments for project management and collaboration.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)