> APT40 rapidly exploits newly public vulnerabilities in widely used software such as Log4J (CVE 2021 44228), Atlassian Confluence (CVE-2021-31207, CVE-2021- 26084) and Microsoft Exchange (CVE-2021-31207; CVE2021-34523; CVE-2021-34473). ASD's ACSC and the authoring agencies expect the group to continue using POCs for new high-profile vulnerabilities within hours or days of public release.