Critical TeamCity flaw now widely exploited to create admin accounts

A critical authentication-bypass vulnerability (CVE-2024-27198) in on‑premises JetBrains TeamCity (fixed in 2023.11.4) is being actively exploited in the wild; LeakIX and GreyNoise report thousands of vulnerable servers and over 1,440 confirmed compromises with hundreds of attacker-created admin accounts on exposed instances, creating a significant supply‑chain risk—administrators are urged to apply the patch immediately.