Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday.
Exploitation appears to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web.
Risk of supply-chain attacks

LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.…