The FBI issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. Dozens of companies already had their source code stolen and leaked online in July. The FBI says that, since the attacks started, it has identified several such incidents in which the attackers abused several vulnerabilities. The threat actors start their attacks by scanning for exposed SonarQube instances using the default port number (i.e., 9000), the FBI explains.
Source: https://www.bleepingcomputer.com/news/security/fbi-hackers-stole-government-source-code-via-sonarqube-instances/

