JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive

The report details active exploitation of two JetBrains TeamCity authentication-bypass vulnerabilities (notably CVE-2024-27198 with CVSS 9.8) that enable attackers to create administrative accounts, achieve remote code execution, deploy malicious plugins or payloads, and in observed cases distribute a modified Jasmin ransomware; security groups (Rapid7, CrowdStrike, ShadowServer, LeakIX) reported thousands of exposed or compromised TeamCity instances and urged immediate patching to prevent supply-chain and large-scale propagation.