Vulnerability Management , Patch/Configuration Management Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks April 22, 2026 Share By SC Staff Active intrusions exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197 , could compromise 6,476 internet-exposed instances of the widely used open-source Java-based message broker around the world, reports BleepingComputer . Asia had the highest number of vulnerable Apache ActiveMQ servers, at nearly 3,000, followed by North America and Europe, according to findings from The Shadowserver Foundation. Attackers could leverage CVE-2026-34197, which originates from an improper input validation issue, to enable arbitrary code execution, reported Horizon3 researcher Naveen Sunkavally, who used Claude AI to uncover the bug that had been undetected for over a decade. Such a development comes as federal civilian executive branch agencies were urged by the Cybersecurity and Infrastructure Security Agency to remediate the security issue by Apr. 30 following its inclusion in the agency's Known Exploited Vulnerabilities catalog on Thursday. Organizations have also been advised by Horizon3 researchers to monitor dubious broker connections for potential exploitation. SC Staff Related Vulnerability Management Critical Microsoft vulnerabilities surge as total flaw prevalence declines SC Staff April 22, 2026 A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop in total vulnerabilities to 1,273 this year, indicating that fewer but more severe security issues are being discovered, reports HackRead. Data Security Misconfigured Perforce servers remain widespread, threaten sensitive data exposure SC Staff April 22, 2026 Misconfigured Perforce servers remain widespread, threaten sensitive data exposure Improperly secured internet-exposed Perforce P4 servers continue to be prevalent, with 72% of 6,122 online instances enabling read-only source code access through a remote user account activated by default, according to SecurityWeek. Vulnerability Management Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission Laura French April 22, 2026 Attackers could have extracted a GITHUB_TOKEN secret, potentially enabling unauthorized changes. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds