Safety

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

Federal agencies must patch a 13-year-old Apache ActiveMQ RCE (CVE-2026-34197) actively being exploited by April 30 under CISA's binding directive.

Friday, April 17, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline

CISA issued Binding Operational Directive 22-01 ordering federal agencies to patch CVE-2026-34197, a 13-year-old remote code execution vulnerability in Apache ActiveMQ, by April 30. The vulnerability allows authenticated users to execute arbitrary code via the Jolokia API and is actively being exploited. Patches are available in ActiveMQ 5.19.5 and 6.2.3.

Read original at The Register

Feud between AI power startup Fermi and its fired CEO and top shareholder heats up over proposed sale

Fired Fermi cofounder with 40% stake battles board to force immediate sale of collapsed AI data center startup after market cap imploded from $20B to $3.2B.