A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.
Researchers have identified a software supply chain attack that has compromised several npm packages linked to the @antv ecosystem. The attack stems from a compromised maintainer account for the npm package 'atool.' Notably, this includes 'echarts-for-react,' a popular React wrapper for Apache ECharts, which has around 1.1 million weekly downloads. This incident is part of a broader campaign known as Mini Shai-Hulud and raises concerns about the security of widely used development tools. Developers and organizations using these packages should check their dependencies for any malicious changes and take appropriate actions to secure their software supply chains.
Apache has addressed a serious vulnerability in its HTTP/2 implementation, identified as CVE-2026-23918, which has a CVSS score of 8.8. This vulnerability is a double-free error that could allow attackers to execute arbitrary code remotely. Any systems using the affected version of Apache's HTTP server could be at risk, which includes a wide range of web applications and services relying on this technology. It's crucial for organizations using Apache to apply the latest updates to prevent potential exploitation of this flaw. Users are advised to check their current versions and ensure they are running the patched releases to mitigate this risk effectively.
Apache has released updates to address multiple vulnerabilities in its HTTP Server, including a serious flaw identified as CVE-2026-23918. This vulnerability, which has a CVSS score of 8.8, is a double-free error in the handling of HTTP/2 requests. If exploited, it could allow attackers to execute arbitrary code on affected systems. Organizations using Apache HTTP Server, particularly those enabling HTTP/2, should prioritize updating their software to mitigate this risk. The nature of the flaw makes it critical for system administrators to be proactive in applying the latest patches to safeguard against potential attacks.
Recent updates to Apache MINA and the Apache HTTP Server have addressed several high-severity vulnerabilities, with the most critical flaw allowing remote attackers to execute arbitrary code. This vulnerability poses a significant risk to users of these software platforms, as it could lead to unauthorized access and control over affected systems. Organizations that rely on Apache MINA and the HTTP Server need to prioritize applying these patches to safeguard their infrastructure. The updates are essential not only for protecting sensitive data but also for ensuring the overall integrity of services running on these platforms. Users should stay vigilant and ensure their installations are up to date to mitigate potential risks.
A severe vulnerability in Apache ActiveMQ, identified as CVE-2026-34197, has put over 6,400 servers at risk of exploitation. This widely used open-source message broker is utilized globally, with 6,476 instances exposed to the internet. Attackers could potentially execute code remotely, which could lead to significant security breaches. Organizations using ActiveMQ should take immediate action to assess their systems and implement protective measures. The urgency of this situation highlights the need for timely updates and monitoring of server configurations to prevent unauthorized access.
A remote code execution vulnerability, identified as CVE-2026-34197, was discovered in Apache ActiveMQ in early April. This vulnerability allows attackers to execute arbitrary code on affected systems, posing a significant risk to organizations using this messaging platform. As of now, it has been actively exploited in the wild, which raises concerns for users who have not yet applied necessary security measures. Companies that rely on Apache ActiveMQ should prioritize updating their systems to mitigate the risk of this vulnerability. The situation underscores the need for ongoing vigilance in maintaining software security to protect sensitive data and infrastructure from potential breaches.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a significant vulnerability in Apache ActiveMQ that is currently being exploited by attackers. This flaw, which had remained undetected for 13 years, was patched earlier this month. ActiveMQ, widely used for messaging in enterprise applications, is at risk, meaning organizations that rely on this software could be compromised if they haven't applied the recent update. The urgency of the situation is underscored by the fact that attackers are actively leveraging this vulnerability, making it crucial for users to take immediate action to secure their systems. Companies using ActiveMQ should prioritize updating to the latest version to protect against potential intrusions.
Researchers have discovered a long-hidden vulnerability in Apache ActiveMQ Classic, a widely-used messaging server. This bug was identified with the help of Anthropic's Claude AI, marking a significant find after 13 years. The vulnerability could allow attackers to manipulate message queues, potentially leading to data leaks or service disruptions. Companies that rely on ActiveMQ for their messaging infrastructure should take this discovery seriously, as it affects their systems' security. Users are urged to review their configurations and apply any available updates to mitigate risks associated with this flaw.
A serious vulnerability has been identified in multiple versions of the Apache Struts 2 framework, tracked as CVE-2025-68493. This XML external entity injection flaw could allow attackers to gain unauthorized access to sensitive data, cause denial-of-service attacks, or execute server-side request forgery (SSRF) attacks. Organizations using affected versions of Apache Struts 2 are at risk, which could lead to significant data breaches and disruptions. The issue emphasizes the need for developers and system administrators to ensure their applications are updated and secure against such vulnerabilities. Immediate action is necessary to mitigate potential exploitation.
Atlassian has addressed a significant security vulnerability in Apache Tika, which affects several of its products including Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira. This flaw poses a risk as it could potentially allow attackers to exploit the software, putting user data at risk. The company has released software updates to patch the vulnerability, urging users to apply these updates promptly to ensure their systems remain secure. This incident underscores the importance of regularly updating software to protect against known vulnerabilities. Users of the affected products should prioritize these updates to safeguard their environments from potential exploitation.
The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.
A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.