A long-standing flaw in Apache ActiveMQ has resurfaced as a serious concern for administrators. The issue—listed on CISA’s Known Exploited Vulnerabilities (KEV) list under entry 46604—enables unauthenticated remote command execution via the broker port. Although CVE-2026-34197 is not yet reported as being widely exploited in the wild, researchers examining broker logs say there are clear indicators that attackers have attempted
Tag: CISA KEV
Zero-Day on the Market: $220K Exploit Targets Windows Remote Desktop Services (CVE-2026-21533)
Remote Desktop Services (RDS) has come under renewed scrutiny after reports that a working exploit for CVE-2026-21533 — an elevation-of-privilege vulnerability in Windows Remote Desktop Services — was listed for sale on a dark web forum for $220,000. The listing and surrounding reporting are factual and straightforward: a recently created account advertised a claimed zero-day exploit, observers recorded the posting,