Apache News Articles

Recent news articles referencing the vendor's vulnerabilities.

6000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 Exposed Online - IT Security News

More than 6,000 internet-exposed Apache ActiveMQ instances are still vulnerable to CVE-2026-34197. This newly tracked security flaw has now been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog. The exposure data comes from The Shadow...

1 week ago

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.

1 week ago

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years.

2 weeks ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

CVE-2026-34197 exploited in Apache ActiveMQ; CISA KEV listing sets April 30, 2026 patch deadline, increasing enterprise RCE risk.

2 weeks ago

Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as

3 weeks ago

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) - IT Security News

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that was introduced in the codebase 13 years ago. The…

3 weeks ago

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) - Help Net Security

Researcher used Claude to unearth CVE-2026-34197, an Apache ActiveMQ vulnerability that was introduced in the codebase 13 years ago.

3 weeks ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

3 weeks ago

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands.

3 weeks ago

Years-Old Apache Struts2 Vulnerability Downloaded 325K+ Times in the Past Week

AI-discovered Apache Struts vulnerability CVE-2025-68493 is still widely used, with over 380,000 downloads of vulnerable versions in just one week.

Critical Apache Struts 2 Vulnerability Allow Attackers to Steal Sensitive Data

XML external entity (XXE) injection flaw found in Apache Struts 2, exposing millions of applications to data theft and server compromise.

Apache Struts 2 Vulnerability CVE-2025-68493 Exposes Sensitive Data

Discover the critical Apache Struts 2 vulnerability CVE-2025-68493 that exposes sensitive data. Learn how to protect your applications from data breaches and Denial-of-Service attacks.

Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data

A vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial‑of‑service and server‑side request forgery (SSRF).

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities.

Critical CVE-2025-66516 Exposes Apache Tika to XXE Attacks Across Core and Parser Modules - IT Security News

A newly disclosed vulnerability in Apache Tika has had the cybersecurity community seriously concerned because researchers have confirmed that it holds a maximum CVSS severity score of 10.0. Labeled as CVE-2025-66516, the vulnerability facilitates XXE attacks and may allow…

Over 500 Apache Tika Instances Exposed Online to Critical XXE Attacks

CVE-2025-66516, carrying the maximum CVSS severity score of 10.0, represents a significant threat to organizations deploying vulnerable versions of the widely used document processing framework.

500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online

Apache Tika servers online are affected by a critical XXE vulnerability, which could let attackers steal data, cause DoS attacks.

Apache Tika CVE Expands To Critical Multi-Module Flaw

New advisory reveals Apache Tika’s XXE flaw affects multiple modules, requiring urgent updates.

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.

CVE-2025-66516: Maximum-Severity Vulnerability in Apache Tika Could Lead to XML External Entity Injection Attack | SOC Prime

Explore details for CVE-2025-66516 vulnerability in Apache Tika, causing XML External Entity Injection, with a deep analysis on our SOC Prime blog.

Apache warns of 10.0-rated flaw in Tika metadata toolkit

Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit. Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reported...

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability that can be exploited on all platforms in XXE injection attacks via crafted PDF files.

Apache Tika hit by critical vulnerability thought to be patched months ago

The scope of an old PDF parsing flaw has been widened to include more Tika modules.
