Apache
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker for asynchronous communication between Java applications. Tracked as CVE-2026-34197, the vulnerability was discovered by Horizon3 researcher Naveen Sunkavally using the Claude AI assistant after remaining […]
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now actively exploited in attacks. Apache ActiveMQ is the most popular open-source Java-based message broker for asynchronous communication between applications. Tracked as CVE-2026-34197, the security flaw has gone undetected for 13 years and was discovered by Horizon3 […]
13-year-old bug in ActiveMQ lets hackers remotely execute commands
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit path by analyzing how independently developed components interact. Tracked as CVE-2026-34197, the security issue received […]
Brute-force attacks target Apache Tomcat management panels
A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. Tomcat is a popular open-source web server widely used by large enterprises and SaaS providers, while Tomcat Manager is a web-based administration tool that comes bundled with the Tomcat server and helps admins manage deployed web apps via a graphical […]
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of […]
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous […]
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity […]
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs […]
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. Apache Tomcat is an open-source web server and servlet container widely used to deploy and run Java-based web applications. It provides a runtime environment for Java Servlets, JavaServer Pages (JSP), and […]
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. Apache Struts is an open-source framework for building Java-based web applications used by various organizations, including government agencies, e-commerce platforms, financial institutions, and airlines. Apache publicly disclosed the Struts CVE-2024-53677 flaw (CVSS 4.0 score: 9.5, “critical”) […]