Quick rundown of the article: Critical vulnerabilities in GRUB2, including heap overflows, out-of-bounds writes, and use-after-free errors, could allow attackers to bypass security measures, potentially compromising millions of systems. While most require high privileges, the most severe flaw enables remote code execution via network boot, and full mitigation requires updating GRUB2, shims, and Secure Boot components.

https://securityonline.info/grub2-bootloader-vulnerabilities-expose-millions-of-systems-to-attacks/

Excerpt

What did the attacker have access to?

The SEC filing indicates that the attacker had access to user email addresses and customer numbers, the original WordPress Admin password that was set at the time of provisioning, and SSL private keys. All of these could be of use to an attacker, but one item, in particular, stands out:

During the period from September 6, 2021, to November 17, 2021, the sFTP and database usernames and passwords of active customers were accessible to the attacker.

GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.