Company Details
atlassian
21,511
2,347,080
5112
atlassian.com
156
ATL_2964148
Completed


Atlassian Vendor Cyber Rating & Cyber Score
Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global companies and 80% of the Fortune 500 rely on Atlassian’s software, like Jira, Confluence, Loom, and Trello, to help their teams work better together and deliver quality results on time. With our 300,000+ customers and team of 10,000+ Atlassians, we are building the next generation of team collaboration and productivity software. We believe the power of teams has the potential to change the world — one that is more open, authentic, and inclusive.
Between 700 and 749


Description: Critical Stored XSS Vulnerability in Atlassian Jira Enables Full Organization Takeover

Security researchers at SnapSec recently disclosed a severe stored Cross-Site Scripting (XSS) vulnerability in Atlassian’s Jira Work Management, a widely used platform for project tracking and task management. The flaw, stemming from inadequate input validation in a low-risk settings menu, allows attackers with limited administrative permissions to execute a full organization takeover.

### Vulnerability Details

The issue resides in Jira’s custom priority settings, where administrators can define task importance levels (e.g., high, medium, low). While editing these priorities, users can specify an Icon URL, a field that, if manipulated, could inject malicious JavaScript. Researchers demonstrated that a Product Admin, a role with restricted but sufficient permissions, could embed a payload in the URL (e.g., `https://google.com?name=</script><script>alert(0)</script>`). Due to missing backend validation and output encoding, the script was stored in the database and executed when a Super Admin accessed the priorities configuration page.

### Exploitation & Impact

The attack leverages stored XSS, meaning no victim interaction (e.g., clicking a link) is required. Once a Super Admin loads the compromised page, the malicious script executes in their browser, operating within a highly privileged administrative context. In SnapSec’s proof-of-concept, the payload silently sent a system invitation to an attacker-controlled account, granting them full access to Jira, Confluence, and other Atlassian products. This enabled unauthorized project creation, modification, and deletion, effectively seizing control of the entire organization.

### Key Takeaways

- The vulnerability exposes a critical gap in input validation, even in mature enterprise platforms.
- Partially privileged roles (e.g., Product Admins) can escalate to full administrative control if access controls are not rigorously audited.
- The incident underscores the need for strict backend validation and output encoding across all configuration panels, regardless of perceived risk.

Atlassian has since addressed the flaw, but the discovery serves as a reminder that overlooked administrative features can become high-impact attack vectors.
Description: Atlassian Patches High-Severity RCE Vulnerability in Bamboo Data Center

Atlassian has addressed a high-severity remote code execution (RCE) vulnerability, CVE-2026-21570, affecting its Bamboo Data Center application. The flaw, discovered internally through Atlassian’s security auditing program, poses significant risks to enterprise CI/CD environments, where Bamboo serves as a critical hub for automated builds, testing, and deployment.

With a CVSS 4.0 score of 8.6, the vulnerability allows authenticated attackers with elevated privileges to execute arbitrary code remotely on affected servers. Exploitation could lead to full system compromise, enabling threat actors to manipulate source code, exfiltrate sensitive build secrets, or disrupt software development operations, potentially facilitating devastating supply chain attacks.

The flaw impacts multiple Bamboo Data Center versions, including:

- 9.6.x (9.6.0–9.6.23)
- 10.0.0, 10.1.0, 10.2.0
- 11.0.0, 11.1.0
- 12.x (12.0.0–12.1.2)

Atlassian has released patches to mitigate the issue, urging administrators to upgrade immediately:

- 9.6.x → 9.6.24 or later
- 10.2.x → 10.2.16
- 12.1.x → 12.1.3 or later

Patched versions are available via the Atlassian download center. Organizations running affected deployments are advised to apply updates to secure their build infrastructure.
Description: ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations

A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy, according to cybersecurity firm Silent Push. Over the past 30 days, threat actors registered fake domains impersonating high-profile companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra.

The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA) by convincing them to approve push notifications or submit one-time passcodes (OTPs). Okta described the attacks as involving real-time session orchestration, where threat actors guided victims through the authentication process via verbal instructions.

While Silent Push identified the infrastructure used in the campaign, it remains unclear whether the attacks successfully breached any systems. However, ShinyHunters has claimed responsibility for data breaches at companies like Betterment, Crunchbase, and SoundCloud, all of which confirmed incidents. The group allegedly stole millions of records from these organizations as part of the Okta SSO vishing campaign.

Silent Push attributes the campaign to Scattered LAPSUS$ Hunters, a collective formed last year by members of Lapsus$, Scattered Spider, and ShinyHunters, based on observed tactics, techniques, and procedures (TTPs). The incident follows recent warnings from Google and others about rising vishing and phishing attacks targeting identity platforms.
Description: Atlassian Confluence Data Center and Server versions were affected by a critical vulnerability identified as CVE-2023-22527, enabling threat actors to exploit the flaw for cryptomining campaigns. Due to the template injection vulnerability, remote attackers could execute arbitrary code, leading to unauthorized cryptocurrency mining using the organization's resources. This activity not only utilized the compromised infrastructure for mining but also had the potential to disrupt operations and finances through resource exhaustion and increased operational costs. Atlassian released patches to address the issue; however, systems that were not updated remained at risk.
Description: Atlassian reveals a data leak that was brought on by the theft of employee login information that was then utilized to obtain data from a third-party vendor. More than 13,200 entries make up the employee file that was uploaded online, and a brief inspection of the file suggests that it contains data on many current employees, including names, email addresses, work departments, and other details. The threat actors obtained information from a third-party vendor using the employee login credentials they had stolen. The business emphasized that the event had no impact on consumer or network data. The business acknowledged the data breach and disclosed that Envoy, a startup that offers workplace management services to the Australian software giant, was the source of the leaked data.
Description: Atlassian warned its customers that multiple threat groups are exploiting a Confluence Server zero-day vulnerability in its servers. Unauthenticated attackers can target Confluence Server and Data Center through a critical vulnerability that can be exploited for remote code execution. The company advised its users to prevent access to their Confluence servers from the internet, or simply disable these instances, as all supported versions of Confluence Server and Data Center are affected. However, Atlassian expects fixes to become available soon.
Description: Atlassian discovered a Critical-rated vulnerability in its Confluence Server that needs to be patched. The Confluence Server Webwork OGNL injection vulnerability could allow an authenticated or unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Atlassian's own Confluence Cloud was patched, but other hosted Confluence offerings might be vulnerable.
Description: Atlassian revealed that unidentified hackers gained access to a vast quantity of data from its group chat service HipChat by breaking into a cloud server owned by the business. Although Atlassian did not disclose the identity of the prominent third-party software library that was utilised by its HipChat.com service, the business claims that attackers took advantage of a weakness in the library. The business issued instructions on how to reset passwords to all users whose accounts were connected to HipChat and, as a precaution, invalidated the passwords on those accounts. The organisation claims that although hashed passwords, email addresses, and names were accessible to hackers, no financial information was revealed.


Atlassian has 66.67% more incidents than the average of same-industry companies with at least one recorded incident.
Atlassian has 70.94% more incidents than the average of all companies with at least one recorded incident.
Atlassian reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Atlassian cyber incidents detection timeline including parent company and subsidiaries



The CEO and co-founder of Australian tech giant Atlassian, Mike Cannon-Brookes, has found his pockets roughly $1 billion emptier as Wall...
Learn how Atlassian built a security lakehouse on Databricks to hunt threats faster, reduce log analysis costs and enable AI-driven detection at scale.
Keeper Security launches new global campaign with Atlassian Williams Formula 1 Team for identity-first cybersecurity.
Identity is now the primary attack surface for modern enterprises. As credential-based threats accelerate and cybercriminals increasingly...
New Jira integrations connect security alerts, access requests and approvals into a single, governed workflow while keeping enforcement...
On February 24, 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian,...
CVE-2023-22515 is an unauthenticated critical severity vulnerability allowing remote attackers to create unauthorized Confluence Administrator accounts and...
While Wall Street, New York City and much of the northeastern U.S. are under a blizzard warning, one might say that the software industry is...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Atlassian is https://atlassian.com/.
According to Rankiteo, Atlassian’s AI-generated cybersecurity score is 727, reflecting their Moderate security posture.
According to Rankiteo, Atlassian currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Atlassian has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Atlassian is not certified under SOC 2 Type 1.
According to Rankiteo, Atlassian does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Atlassian is not listed as GDPR compliant.
According to Rankiteo, Atlassian does not currently maintain PCI DSS compliance.
According to Rankiteo, Atlassian is not compliant with HIPAA regulations.
According to Rankiteo, Atlassian is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Atlassian operates primarily in the Software Development industry.
Atlassian employs approximately 21,511 people worldwide.
Atlassian presently has no subsidiaries across any sectors.
Atlassian’s official LinkedIn profile has approximately 2,347,080 followers.
Atlassian is classified under the NAICS code 5112, which corresponds to Software Publishers.
No, Atlassian does not have a profile on Crunchbase.
Yes, Atlassian maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/atlassian.
As of April 02, 2026, Rankiteo reports that Atlassian has experienced 8 cybersecurity incidents.
Atlassian has an estimated 29,308 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Vulnerability and Cyber Attack.
Detection and Response: The company detects and responds to cybersecurity incidents through the following measures:
- Remediation: patching the vulnerability
- Containment: prevent access to Confluence servers from the internet; disable Confluence instances
- Communication: advised users to take preventive actions
- Containment: invalidated passwords on affected accounts
- Remediation: issued instructions on how to reset passwords to all users
- Communication: notified users to reset passwords
- Remediation: patches released
- Third-party assistance: Silent Push (cybersecurity firm)
- Containment: patches released for affected versions
- Remediation: upgrade to patched versions (9.6.24 or later, 10.2.16, 12.1.3 or later)
- Communication: advisory urging administrators to upgrade immediately
- Remediation: Atlassian addressed the flaw with backend validation and output encoding fixes
Title: Confluence Server Webwork OGNL Injection Vulnerability
Description: Atlassian discovered a Critical-rated vulnerability in its Confluence Server that needs to be patched. The Confluence Server Webwork OGNL injection vulnerability could allow an authenticated or unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Atlassian's own Confluence Cloud was patched, but other hosted Confluence offerings might be vulnerable.
Type: Vulnerability Exploitation
Attack Vector: Webwork OGNL injection
Vulnerability Exploited: Confluence Server Webwork OGNL injection
Motivation: Arbitrary code execution
Title: Atlassian Confluence Server Zero-Day Vulnerability
Description: Atlassian warned its customers that multiple threat groups are exploiting a Confluence Server zero-day vulnerability in its servers. Unauthenticated attackers can target Confluence Server and Data Center through a critical vulnerability that can be exploited for remote code execution. The company advised its users to prevent access to their Confluence servers from the internet, or simply disable these instances, as all supported versions of Confluence Server and Data Center are affected. However, Atlassian expects fixes to become available soon.
Type: Zero-Day Exploit
Attack Vector: Remote Code Execution
Vulnerability Exploited: Confluence Server Zero-Day Vulnerability
Threat Actor: Multiple threat groups
Title: Atlassian Data Leak
Description: Atlassian reveals a data leak that was brought on by the theft of employee login information that was then utilized to obtain data from a third-party vendor.
Type: Data Breach
Attack Vector: Stolen Login Credentials
Vulnerability Exploited: Weak credential management
Motivation: Data Theft
Title: Atlassian HipChat Data Breach
Description: Unidentified hackers gained access to a vast quantity of data from Atlassian's HipChat service by exploiting a vulnerability in a third-party software library used by the service.
Type: Data Breach
Attack Vector: Exploitation of Vulnerability
Vulnerability Exploited: Third-party software library vulnerability
Threat Actor: Unidentified hackers
Title: Atlassian Confluence Cryptomining Campaign
Description: Atlassian Confluence Data Center and Server versions were affected by a critical vulnerability identified as CVE-2023-22527, enabling threat actors to exploit the flaw for cryptomining campaigns. Due to the template injection vulnerability, remote attackers could execute arbitrary code, leading to unauthorized cryptocurrency mining using the organization's resources. This activity not only utilized the compromised infrastructure for mining but also had the potential to disrupt operations and finances through resource exhaustion and increased operational costs. Atlassian released patches to address the issue; however, systems that were not updated remained at risk.
Type: Cryptomining Campaign
Attack Vector: Template Injection Vulnerability
Vulnerability Exploited: CVE-2023-22527
Motivation: Financial Gain
Title: ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations
Description: A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy. The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA). The group allegedly stole millions of records from companies like Betterment, Crunchbase, and SoundCloud as part of the Okta SSO vishing campaign.
Type: Phishing (Vishing), Data Breach, Credential Theft
Attack Vector: Voice Phishing (Vishing), Phishing Kits, MFA Bypass (Push Notifications, OTPs)
Vulnerability Exploited: Single Sign-On (SSO) accounts (Okta and other identity platforms), MFA manipulation
Threat Actor: ShinyHunters, Scattered LAPSUS$ Hunters (collective of Lapsus$, Scattered Spider, and ShinyHunters)
Motivation: Data Theft, Financial Gain, Credential Harvesting
Title: Atlassian Patches High-Severity RCE Vulnerability in Bamboo Data Center
Description: Atlassian has addressed a high-severity remote code execution (RCE) vulnerability, CVE-2026-21570, affecting its Bamboo Data Center application. The flaw, discovered internally through Atlassian’s security auditing program, poses significant risks to enterprise CI/CD environments, where Bamboo serves as a critical hub for automated builds, testing, and deployment. With a CVSS 4.0 score of 8.6, the vulnerability allows authenticated attackers with elevated privileges to execute arbitrary code remotely on affected servers. Exploitation could lead to full system compromise, enabling threat actors to manipulate source code, exfiltrate sensitive build secrets, or disrupt software development operations, potentially facilitating devastating supply chain attacks.
Type: Remote Code Execution (RCE)
Attack Vector: Authenticated access with elevated privileges
Vulnerability Exploited: CVE-2026-21570
Title: Critical Stored XSS Vulnerability in Atlassian Jira Enables Full Organization Takeover
Description: Security researchers at SnapSec disclosed a severe stored Cross-Site Scripting (XSS) vulnerability in Atlassian’s Jira Work Management. The flaw, stemming from inadequate input validation in a low-risk settings menu, allows attackers with limited administrative permissions to execute a full organization takeover.
Type: Stored Cross-Site Scripting (XSS)
Attack Vector: Malicious JavaScript injection via Icon URL field in custom priority settings
Vulnerability Exploited: Inadequate input validation and output encoding in Jira’s custom priority settings
Common Attack Types: The most common type of attack the company has faced is Vulnerability.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Stolen Login Credentials, Vulnerability in third-party software library, Fake domains impersonating high-profile companies and SSO accounts (Okta).

Systems Affected: Confluence Server, Data Center instance

Systems Affected: Confluence Server, Data Center

Data Compromised: Names, Email addresses, Work departments, Other details

Data Compromised: Hashed passwords, Email addresses, Names
Systems Affected: HipChat.com service

Systems Affected: Atlassian Confluence Data Center, Atlassian Confluence Server
Operational Impact: Resource Exhaustion

Data Compromised: Millions of records allegedly stolen
Systems Affected: SSO accounts (Okta and other identity platforms)
Identity Theft Risk: High (PII and credentials compromised)

Data Compromised: Sensitive build secrets, source code
Systems Affected: Bamboo Data Center servers
Operational Impact: Disruption of software development operations, potential supply chain attacks

Systems Affected: Jira Work Management, Confluence, and other Atlassian products
Operational Impact: Unauthorized project creation, modification, and deletion; full administrative control takeover
Brand Reputation Impact: Critical gap in input validation exposed in a mature enterprise platform
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Data, Hashed Passwords, Email Addresses, Names, Personally Identifiable Information (PII), Credentials, Business Data, Sensitive build secrets and source code.

Entity Name: Atlassian
Entity Type: Company
Industry: Software Development

Entity Name: Atlassian
Entity Type: Organization
Industry: Software
Location: Australia

Entity Name: Atlassian
Entity Type: Corporation
Industry: Software Development

Entity Name: Atlassian
Entity Type: Software Company
Industry: Technology

Entity Name: Atlassian
Entity Type: Software
Industry: Technology

Entity Name: Adyen
Entity Type: Financial Services
Industry: Finance

Entity Name: Canva
Entity Type: Software
Industry: Technology

Entity Name: Epic Games
Entity Type: Software
Industry: Gaming

Entity Name: HubSpot
Entity Type: Software
Industry: Marketing/Technology

Entity Name: Moderna
Entity Type: Pharmaceutical
Industry: Healthcare

Entity Name: ZoomInfo
Entity Type: Software
Industry: Technology/Sales Intelligence

Entity Name: GameStop
Entity Type: Retail
Industry: Gaming/Retail

Entity Name: WeWork
Entity Type: Real Estate
Industry: Commercial Real Estate

Entity Name: Halliburton
Entity Type: Energy
Industry: Oil and Gas

Entity Name: Sonos
Entity Type: Hardware
Industry: Consumer Electronics

Entity Name: Telstra
Entity Type: Telecommunications
Industry: Telecom

Entity Name: Betterment
Entity Type: Financial Services
Industry: Finance

Entity Name: Crunchbase
Entity Type: Software
Industry: Business Intelligence

Entity Name: SoundCloud
Entity Type: Software
Industry: Music/Technology

Entity Name: Atlassian
Entity Type: Company
Industry: Software/Technology

Entity Name: Atlassian Jira Work Management
Entity Type: Software/Platform
Industry: Project Management/Task Tracking

Remediation Measures: Patching the vulnerability

Containment Measures: Prevent access to Confluence servers from the internet, Disable Confluence instances
Communication Strategy: Advised users to take preventive actions

Containment Measures: Invalidated passwords on affected accounts
Remediation Measures: Issued instructions on how to reset passwords to all users
Communication Strategy: Notified users to reset passwords

Remediation Measures: Patches Released

Third Party Assistance: Silent Push (cybersecurity firm)

Containment Measures: Patches released for affected versions
Remediation Measures: Upgrade to patched versions (9.6.24 or later, 10.2.16, 12.1.3 or later)
Communication Strategy: Advisory urging administrators to upgrade immediately

Remediation Measures: Atlassian addressed the flaw with backend validation and output encoding fixes
Third-Party Assistance: The company involves third-party assistance in incident response through Silent Push (cybersecurity firm).

Type of Data Compromised: Employee data
Number of Records Exposed: 13200
Sensitivity of Data: Medium
Personally Identifiable Information: names, email addresses, work departments, other details

Type of Data Compromised: Hashed passwords, Email addresses, Names

Type of Data Compromised: Personally Identifiable Information (PII), Credentials, Business Data
Number of Records Exposed: Millions (alleged)
Sensitivity of Data: High (PII, credentials)
Data Exfiltration: Alleged (data sold on dark web)
Personally Identifiable Information: Yes

Type of Data Compromised: Sensitive build secrets, source code
Sensitivity of Data: High
Data Exfiltration: Potential
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patching the vulnerability, Issued instructions on how to reset passwords to all users, Patches Released, Upgrade to patched versions (9.6.24 or later, 10.2.16, 12.1.3 or later), Atlassian addressed the flaw with backend validation and output encoding fixes.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by preventing access to Confluence servers from the internet, disabling Confluence instances, invalidating passwords on affected accounts, and releasing patches for affected versions.

Lessons Learned: The vulnerability exposes a critical gap in input validation, even in mature enterprise platforms. Partially privileged roles can escalate to full administrative control if access controls are not rigorously audited. Strict backend validation and output encoding are necessary across all configuration panels, regardless of perceived risk.

Recommendations: Prevent access to Confluence servers from the internet, Disable Confluence instances

Recommendations: Upgrade to patched versions immediately to secure build infrastructure.

Recommendations: Implement rigorous input validation and output encoding in all administrative features. Audit access controls for partially privileged roles to prevent privilege escalation. Regularly review and test low-risk settings for potential vulnerabilities.
Key Lessons Learned: The key lessons learned from past incidents are: The vulnerability exposes a critical gap in input validation, even in mature enterprise platforms. Partially privileged roles can escalate to full administrative control if access controls are not rigorously audited. Strict backend validation and output encoding are necessary across all configuration panels, regardless of perceived risk.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement rigorous input validation and output encoding in all administrative features. Audit access controls for partially privileged roles to prevent privilege escalation. Regularly review and test low-risk settings for potential vulnerabilities. Upgrade to patched versions immediately to secure build infrastructure.

Source: Atlassian Data Breach Report

Source: Silent Push

Source: Okta

Source: Atlassian download center

Source: SnapSec Research
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Atlassian Data Breach Report, Silent Push, Okta, Atlassian download center, and SnapSec Research.

Investigation Status: Ongoing (infrastructure identified, breach success unclear)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Advised Users To Take Preventive Actions, Notified Users To Reset Passwords and Advisory urging administrators to upgrade immediately.

Customer Advisories: Organizations running affected deployments are advised to apply updates.
Advisories Provided: The company provided the following advisory to stakeholders and customers following an incident: Organizations running affected deployments are advised to apply updates.

Entry Point: Stolen Login Credentials

Entry Point: Vulnerability in third-party software library

Entry Point: Fake domains impersonating high-profile companies, SSO accounts (Okta)
Reconnaissance Period: 30 days (domain registration)
High Value Targets: SSO accounts, MFA-protected systems
Data Sold on Dark Web: SSO accounts, MFA-protected systems

Root Causes: Weak credential management

Root Causes: Vishing attacks, MFA manipulation, phishing kits, lack of awareness

Root Causes: Security flaw discovered internally through Atlassian’s security auditing program
Corrective Actions: Patches released for affected versions

Root Causes: Inadequate input validation and output encoding in Jira’s custom priority settings
Corrective Actions: Atlassian implemented backend validation and output encoding fixes
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Silent Push (cybersecurity firm).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patches released for affected versions, Atlassian implemented backend validation and output encoding fixes.
Last Attacking Group: The attacking groups in the last incident were multiple threat groups, unidentified hackers, ShinyHunters, and Scattered LAPSUS$ Hunters (a collective of Lapsus$, Scattered Spider and ShinyHunters).
Most Significant Data Compromised: The most significant data compromised in an incident were names, email addresses, work departments, other details, hashed passwords, millions of records allegedly stolen, and sensitive build secrets and source code.
Most Significant System Affected: The most significant systems affected in an incident were Confluence Server/Data Center instance, Confluence Server/Data Center, Atlassian Confluence Data Center, and Atlassian Confluence Server.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Silent Push (cybersecurity firm).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: Prevent access to Confluence servers from the internet, Disable Confluence instances, Invalidated passwords on affected accounts, and Patches released for affected versions.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email addresses, hashed passwords, other details, names, work departments, millions of records allegedly stolen, and sensitive build secrets and source code.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 132.0.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was: The vulnerability exposes a critical gap in input validation, even in mature enterprise platforms. Partially privileged roles can escalate to full administrative control if access controls are not rigorously audited. Strict backend validation and output encoding are necessary across all configuration panels, regardless of perceived risk.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Prevent access to Confluence servers from the internet; Implement rigorous input validation and output encoding in all administrative features; Audit access controls for partially privileged roles to prevent privilege escalation; Regularly review and test low-risk settings for potential vulnerabilities; Disable Confluence instances; and Upgrade to patched versions immediately to secure build infrastructure.
Most Recent Source: The most recent sources of information about an incident are SnapSec Research, Silent Push, Atlassian Data Breach Report, Atlassian download center and Okta.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (infrastructure identified, breach success unclear).
Most Recent Customer Advisory: The most recent customer advisory issued was: Organizations running affected deployments are advised to apply updates.
Most Recent Entry Point: The most recent entry points used by an initial access broker were a vulnerability in a third-party software library, fake domains impersonating high-profile companies, SSO accounts (Okta), and stolen login credentials.
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 30 days (domain registration).
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Weak credential management, Vishing attacks, MFA manipulation, phishing kits, lack of awareness, Security flaw discovered internally through Atlassian’s security auditing program, Inadequate input validation and output encoding in Jira’s custom priority settings.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Patches released for affected versions, Atlassian implemented backend validation and output encoding fixes.
A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8(std::string&, char const*) to treat an input buffer as a C-string and call operations that rely on strlen()/null-termination. AddressSanitizer reports an out-of-bounds READ of size 115 past a 114-byte heap allocation, with the failure observed while running the iccToXml tool. This issue has been patched in version 2.3.1.6.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6.
