Latest news
Vulnerability
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
5 May 2026 dark6
Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2...
Vulnerability
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
23 April 2026 dark6
A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being...
Vulnerability
CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV Catalog as Active Exploitation Surges
18 April 2026 dark6
CISA has added CVE-2026-34197, a high-severity (CVSS 8.8) deserialization flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog...
Malware
Sophisticated npm malware campaign exploits Cross-Ecosystem typosquatting
3 May 2025 securebulletin.com
A coordinated malware operation targeting npm employs cross-ecosystem typosquatting to mimic popular libraries from Python, Java, C++, and .NET ecosystems....
Vulnerability
Apache Tomcat vulnerability (CVE-2024-38286)
24 September 2024 dark6
A severe vulnerability has emerged in Apache Tomcat, a widely used Java application server. Identified as CVE-2024-38286, this flaw poses...
Vulnerability
Urgent security update: vulnerabilities addressed in Apache Linkis
6 August 2024 dark6
Apache Linkis, a vital middleware for connecting applications to various data processing engines, has recently patched two significant security vulnerabilities...