New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar


Researchers studying cybersecurity have unveiled a novel method for achieving arbitrary code execution in memory by taking advantage of a serious security hole in Apache ActiveMQ.

The vulnerability, identified as CVE-2023-46604 (CVSS score: 10.0), is a remote code execution flaw that may allow a hostile actor to execute any shell command.

Since then, ransomware groups have been actively using this vulnerability to spread malware like HelloKitty, a strain of malware identical to TellYouThePass, and SparkRAT, a remote access trojan.

Read More…