Security news.
Today's security brief highlights critical vulnerabilities under active exploitation, including a high-severity Apache ActiveMQ flaw added to CISA's KEV catalog and multiple Microsoft Defender zero-days. Additionally, a new ransomware variant is using QEMU VMs to evade endpoint security, and international law enforcement has taken down 53 DDoS-for-hire domains.
Apache ActiveMQ Flaw Actively Exploited, Added to CISA KEV
A high-severity remote code execution vulnerability (CVE-2026-34197) in Apache ActiveMQ Classic is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities catalog.
Three Microsoft Defender Zero-Days Actively Exploited
Threat actors are exploiting three recently disclosed zero-day vulnerabilities (codenamed BlueHammer, RedSun, and UnDefend) in Microsoft Defender to gain elevated privileges on compromised systems, with two still unpatched.
Payouts King Ransomware Uses QEMU VMs to Bypass Security
The Payouts King ransomware is employing the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines, effectively bypassing endpoint security solutions.
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation, "Operation PowerOFF," has taken down 53 domains and identified over 75,000 cybercriminals involved in DDoS-for-hire services.
Microsoft Warns of Windows Servers Entering Reboot Loops After April Patches
Microsoft has issued a warning that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates.
ZionSiphon Malware Targets ICS in Water Facilities
A new operational technology (OT) malware, ZionSiphon, has been discovered, specifically configured to target and sabotage Israeli water treatment and desalination plants.
Cursor AI Vulnerability Exposed Developer Devices
A vulnerability in Cursor AI, involving an indirect prompt injection chained with a sandbox bypass and remote tunnel feature, could grant shell access to developer machines.
NIST Limits CVE Enrichment Due to Surge in Submissions
The National Institute of Standards and Technology (NIST) is adjusting its National Vulnerability Database (NVD) process, limiting CVE enrichment to only those meeting specific criteria due to a 263% surge in submissions.