Security news.
Today's cybersecurity landscape is dominated by critical vulnerabilities under active exploitation, with multiple zero-days impacting Microsoft Defender and Apache ActiveMQ. Law enforcement also made significant strides against DDoS-for-hire services, while NIST announced changes to its CVE enrichment process to focus on high-impact flaws.
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Threat actors are exploiting three recently disclosed flaws (BlueHammer, RedSun, UnDefend) in Microsoft Defender to gain elevated privileges on compromised systems.
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
CISA has added a high-severity remote code execution vulnerability (CVE-2026-34197) in Apache ActiveMQ Classic to its Known Exploited Vulnerabilities Catalog due to active exploitation.
Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates.
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
NIST is changing its National Vulnerability Database (NVD) process, limiting CVE enrichment to those meeting specific criteria due to a massive increase in submissions.
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation, "Operation PowerOFF," has taken down 53 domains and arrested four individuals linked to commercial DDoS-for-hire services used by over 75,000 cybercriminals.
ZionSiphon Malware Targets ICS in Water Facilities
A new malware, ZionSiphon, is specifically configured to target and sabotage Industrial Control Systems (ICS) associated with Israeli water treatment and desalination plants.
Two North Korean IT Worker Scheme Facilitators Jailed in the US
Kejia Wang and Zhenxing Wang have been jailed for compromising US identities to help North Korean IT workers secure jobs at over 100 companies.
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
Flare's research reveals how cybercriminals use underground guides to evaluate carding shops based on data quality, reputation, and survivability, highlighting the sophisticated nature of cybercrime markets.