Shadowserver identified over 6,400 Apache ActiveMQ instances exposed online and currently targeted by attackers exploiting a high-severity code injection vulnerability.
The vulnerable servers are actively being compromised through a flaw that allows remote code execution. Apache ActiveMQ, a widely-used open-source message broker, poses significant risk to organizations that have not patched the vulnerability.
Shadowserver's discovery underscores the gap between vulnerability disclosure and real-world patching. The 6,400 exposed instances represent organizations running outdated or unpatched versions of the software.
Code injection vulnerabilities in message brokers are particularly dangerous, as these systems often operate in trusted network positions and handle sensitive data flows. Exploitation can grant attackers persistence, lateral movement capabilities, and access to downstream systems.
Organizations running ActiveMQ should prioritize patching immediately. Shadowserver recommends implementing network segmentation to limit exposure of message broker infrastructure and monitoring for suspicious activity on affected systems.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.