Experts and cybersecurity organizations have identified and disclosed two severe flaws in JetBrains TeamCity On-Premises software, urging users to immediately patch these vulnerabilities to prevent server takeovers. The vulnerabilities, identified as CVE-2024-27198 (remote auth bypass) and CVE-2024-27199, have been reported to allow remote authentication bypass, with one being rated as critical. Exploitation activity for CVE-2024-27198 began around March 4th, 22:00 UTC, with 16 IPs scanning for vulnerable instances. As of March 6th, 1,182 instances were still potentially vulnerable, with the US (298) and Germany (188) being the top affected countries. The Cybersecurity and Infrastructure Security Agency (CISA) has added the critical flaw to its list of exploited vulnerabilities, indicating active attacks that could lead to complete server takeover. Vendors are also concerned about potential supply chain threats due to these vulnerabilities.