Bitbucket Server command injection enabling unauthenticated RCE, exploited massively by ransomware groups including SCATTERED SPIDER within days. Update Bitbucket to a patched version or take internet-facing instances offline. Review all repository access logs.
Bitbucket Server and Data Center had a command injection vulnerability via the comment feature that allowed remote code execution with the permissions of the Bitbucket user.