Active intrusions exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197, could compromise 6,476 internet-exposed instances of the widely used open-source Java-based message broker around the world, reports BleepingComputer.
Misconfigured Perforce servers remain widespread, threaten sensitive data exposure Improperly secured internet-exposed Perforce P4 servers continue to be prevalent, with 72% of 6,122 online instances enabling read-only source code access through a remote user account activated by default, according to SecurityWeek.
SecurityWeek reports that Forescout Technologies identified 20 new vulnerabilities in Sliex and Lantronix serial-to-IP converters, or serial device servers, that can be exploited without authentication, potentially exposing healthcare, operational technology, and other systems to remote attacks.
Security researcher Chaotic Eclipse has published a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability dubbed "RedSun" over a week after the release of an exploit code for the BlueHammer flaw in Defender, tracked as CVE-2026-33825, GBHackers News reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
