The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April.
The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek.
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […]
Two North Korean IT Worker Scheme Facilitators Jailed in the US
Kejia Wang and Zhenxing Wang compromised the identities of dozens of US persons to help land jobs at over 100 companies.
The post Two North Korean IT Worker Scheme Facilitators Jailed in the US appeared first on SecurityWeek.
ZionSiphon Malware Targets ICS in Water Facilities
The malware is configured to operate on systems associated with Israeli water treatment and desalination plants.
The post ZionSiphon Malware Targets ICS in Water Facilities appeared first on SecurityWeek.
Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. […]
Cursor AI Vulnerability Exposed Developer Devices
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines.
The post Cursor AI Vulnerability Exposed Developer Devices appeared first on SecurityWeek.
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions.
“CVEs that do not meet those criteria will still be listed in the NVD but will not
“CVEs that do not meet those criteria will still be listed in the NVD but will not
Man gets 30 months for selling thousands of hacked DraftKings accounts
23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. […]
53 DDoS Domains Taken Down by Law Enforcement
Authorities in 21 countries participated in a coordinated action against DDoS-for-hire services.
The post 53 DDoS Domains Taken Down by Law Enforcement appeared first on SecurityWeek.
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. […]