Cybercriminals turn a Jenkins server into a cryptominer

The Jenkins infrastructure team has reported that its deprecated Confluence service was the target of a cyberattack in early September, exploiting vulnerability CVE-2021-26084 to install a Monero cryptominer in the container running the service.

In response, servers were disabled, passwords were rotated and the incident was investigated, concluding that any other product, plugin or source code were affected.