6,400 ACTIVEMQ SERVERS UNDER ACTIVE ATTACK

The vulnerable servers are actively being compromised through a flaw that allows remote code execution. Apache ActiveMQ, a widely-used open-source message broker, poses significant risk to organizations that have not patched the vulnerability. Shadowserver's discovery underscores the gap between vulnerability disclosure and real-world patching. The 6,400 exposed instances represent organizations running outdated or unpatched versions of the software. Code injection vulnerabilities in message brokers are particularly dangerous, as these systems often operate in trusted network positions and handle sensitive data flows. Exploitation can grant attackers persistence, lateral movement capabilities, and access to downstream systems. Organizations running ActiveMQ should prioritize patching immediately. Shadowserver recommends implementing network segmentation to limit exposure of message broker infrastructure and monitoring for suspicious activity on affected systems.