In January 2024, global threat activity centered on three high-severity vulnerabilities that were under active exploitation. An expert from a prominent security research lab, speaking to a security publication, highlighted this surge and noted how attackers concentrated on widely deployed enterprise software.
The first flaw, CVE-2023-22527, carries the maximum CVSS score of 10.0. It is an unauthenticated template injection vulnerability in Atlassian Confluence Data Center and Server, the enterprise wiki platform developed by the Australian company Atlassian, and it allows an attacker to execute arbitrary code remotely on the Confluence server. It affects versions released before December 5, 2023, including versions the vendor no longer supports; Atlassian's fix shipped in 8.5.4 and later, and Confluence Cloud is not affected. In January 2024 alone, more than 1,000 exploitation attempts were observed targeting this flaw across various organizations.
The second vulnerability, CVE-2023-34048, is rated 9.8 out of 10 on the CVSS scale. It is an out-of-bounds write in the DCERPC protocol implementation of VMware vCenter Server, the central management component for VMware vSphere environments and virtualized cloud infrastructure. VMware disclosed and patched the flaw in October 2023 with no confirmed exploitation at that time, but on January 17, 2024, VMware updated its advisory to confirm exploitation in the wild. Mandiant's incident response research attributes that activity to a China-nexus espionage group it tracks as UNC3886, which had been using the vulnerability since late 2021 to gain unauthorized access to vCenter hosts and pivot from there into the virtualized environment.
The third security weakness, CVE-2023-7028, also scores the maximum 10.0. It affects GitLab Community and Enterprise Editions and permits account takeover through the password reset flow. GitLab servers host collaborative source repositories, so a compromised account can translate directly into access to code and CI/CD pipelines. Accounts with two-factor authentication enabled are protected from a full takeover: the attacker can reset the password but cannot complete the login without the second factor, so compromising such an account would additionally require defeating or disabling 2FA through social engineering or other means.
Security researchers explained that the exploitation chain begins with a crafted password reset request: the attacker submits the victim's address together with a second, attacker-controlled address that the account never verified, and the vulnerable server sends the reset link to both. While the vendor's security bulletin reported no confirmed active exploitation at publication, threat intelligence platforms noted widespread scanning and potential preparatory activity. An independent scan using a widely used asset search tool revealed tens of thousands of internet-exposed GitLab installations, with a notable share on addresses associated with specific regions. The pattern suggests broad exposure in enterprise environments and highlights the importance of applying patches promptly and strengthening identity controls.
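The following Ruby script is an added illustration of the reset-flow weakness described above; it is not GitLab's code and does not reproduce the real patch. It models a simplified password reset handler: the vulnerable variant delivers the reset token to every address submitted in the request, so a parameter array that pairs the victim's address with an attacker-controlled one leaks the token, while the hardened variant accepts only a single string and sends the token only to addresses already verified on the account. The query parser, the `ACCOUNTS` table and the addresses are constructed for the example; the parser only stands in for how a web framework turns `user[email][]` into an array.

```ruby
require 'cgi'
require 'securerandom'

# Constructed sample data, not a real GitLab account: one verified address
# and one address the user added but never confirmed.
ACCOUNTS = {
  'victim' => {
    verified:   ['victim@example.org'],
    unverified: ['old-address@example.org']
  }
}.freeze

# Minimal stand-in for Rack-style nested parameter parsing (an assumption
# about the framework, not its real code). A trailing "[]" in the parameter
# name turns user[email] into an array holding every submitted value.
def email_param_from_query(query)
  pairs = CGI.parse(query)
  return pairs['user[email][]'] if pairs.key?('user[email][]')
  pairs['user[email]'].first
end

# Returns [name, account] for any address attached to an account, verified
# or not, mirroring a lookup that does not distinguish the two.
def find_account(email)
  ACCOUNTS.find do |_name, acct|
    (acct[:verified] + acct[:unverified]).include?(email)
  end
end

# Vulnerable pattern: the account is located by the first address, but the
# reset token is mailed to every address in the request, including one the
# attacker controls.
def reset_vulnerable(email_param)
  emails = Array(email_param)
  return [] if find_account(emails.first).nil?
  token = SecureRandom.hex(16)
  emails.map { |e| { to: e, token: token } }
end

# Hardened pattern: accept exactly one string, match it only against verified
# addresses, and mail the token only to verified addresses stored on the
# account rather than to anything taken from the request.
def reset_hardened(email_param)
  return :rejected unless email_param.is_a?(String)
  name, acct = find_account(email_param)
  return [] if name.nil? || !acct[:verified].include?(email_param)
  token = SecureRandom.hex(16)
  acct[:verified].map { |e| { to: e, token: token } }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request body: the victim's address plus an attacker address.
  crafted = 'user[email][]=victim%40example.org&user[email][]=attacker%40evil.test'
  param = email_param_from_query(crafted)
  puts "vulnerable delivers to: #{reset_vulnerable(param).map { |m| m[:to] }.inspect}"
  puts "hardened result:        #{reset_hardened(param).inspect}"
end
```

The hardened handler also returns an empty result for an unverified or unknown address, which keeps the endpoint from confirming whether an address is attached to an account. Rate limiting on the reset endpoint and alerting on reset requests that carry more than one address are the monitoring counterparts of this fix.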
Experts emphasize that the number of known vulnerabilities keeps growing every day. One researcher noted that in 2023 roughly 78 new vulnerabilities were published per day, illustrating the constant pressure on organizations to maintain disciplined patch management, rapid detection, and defense in depth. Organizations in Canada and the rest of North America in particular are urged to prioritize timely updates for widely deployed platforms and to implement compensating controls such as network segmentation, strict access policies, and multi-factor authentication to reduce their exposure.
Industry analysts also warn that the threat landscape is shifting toward targeted credential abuse and supply-chain manipulation. Enterprises are advised to adopt continuous monitoring, vulnerability management tied to asset discovery, and routine audits of the configuration of critical services. By aligning cyber resilience efforts with recognized best practices and regional regulatory expectations, organizations improve their ability to detect, contain, and recover from sophisticated attacks.
The broader takeaway is clear: keeping software up to date, validating identity protections, and monitoring for unusual authentication patterns such as unexpected password reset activity are essential. As attackers increasingly target trusted software ecosystems, proactive defense becomes a shared responsibility across IT, security teams, and executive leadership. Institutions need an ongoing program that combines patching, credential hygiene, user education, and incident readiness to limit the impact of high-severity vulnerabilities.