Elizabeth K. JosephNov 19

The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE 🐧

In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉

We also on-boarded libdfp & qsv to our new hosted GitHub Actions runners, and saw Rarr add CI and VictoriaTraces begin releasing binaries 🎁

Details in my monthly report: https://community.ibm.com/community/user/blogs/elizabeth-k-joseph1/2025/11/19/linuxone-open-source-report-october-2025

Linux on IBM Z and LinuxONE Open Source Software Report: October 2025

🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Aug 20, 2025
🚨 Attackers exploiting a critical Apache ActiveMQ vuln (CVE-2023-46604) are not only breaking in but patching the flaw afterward to hide their tracks! Using malware DripDropper, they maintain stealthy control over Linux servers. A rare and clever tactic to watch out for! 🛡️🔥 #Cybersecurity #InfoSec #ApacheActiveMQ https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/
#newz
Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

: Intruders hoped no one would notice their presence

The Register
Tiago BuenoOct 30, 2024
ActiveMQ Artemis 2.38.0 was released last week. Discover the latest enhancements and improvements by checking out the release notes: https://activemq.apache.org/components/artemis/download/release-notes-2.38.0
#ApacheActiveMQ
ActiveMQ

Foojay.ioDec 12, 2023

Currently, @SimonMartinelli is teaching JMS with #SpringBoot at the University of Applied Science in Bern, Switzerland. They use #ApacheActiveMQ #Artemis as their JMS message broker. But how to test their Spring Boot application?

https://foojay.io/today/testing-spring-boot-jms-with-activemq-artemis-and-testcontainers/

#java #foojaytip

Testing Spring Boot JMS with ActiveMQ Artemis and Testcontainers

Testcontainers is a fantastic way to start resources as containers. Even if there is no pre-made container, you can always use GenericContainer to run virtually any container image.

foojay
Captain CyberbeardNov 29, 2023
🏴‍☠️ Set sail on a cyber adventure! Dive into our latest blog 'Navigating the Treacherous Waters of Apache ActiveMQ' and uncover the dark secrets of GoTitan and PrCtrl Rat. Ready yer defenses, mateys! #Cybersecurity #ApacheActiveMQ #GoTitan #PrCtrlRat 🌊⚔️: https://cybercorsair.blogspot.com/2023/11/sailing-cyber-seas-navigating_29.html
SAILING THE CYBER SEAS: "Navigating the Treacherous Waters of Apache ActiveMQ: Beware the GoTitan and PrCtrl Rat Onslaught!"

Explore the treacherous cyber seas with the PrCtrl RAT and GoTitan Attacks on ActiveMQ

Glenn 📎Nov 3, 2023
Widespread exploitation of CVE-2023-46604, a remote code execution vulnerability in #ApacheActiveMQ, is underway. While initial reports came out about a week ago, it appears that the exploitation has increased in the last few days. See more at https://viz.greynoise.io/tag/apache-activemq-rce-attempt?days=3
🛡 [email protected]/:~# Nov 2, 2023

"⚠️ Critical RCE Alert: 3,000 Apache ActiveMQ Servers at Risk! ⚠️"

Over 3,000 Apache ActiveMQ servers are exposed online, vulnerable to a critical RCE flaw (CVE-2023-46604, CVSS v3: 10.0). Immediate patching is urged to prevent potential data theft and network compromise. Stay vigilant! 🛡️💻

Apache ActiveMQ is an open-source message broker for secure communication between clients and servers, supporting Java and various cross-language clients and protocols like AMQP, MQTT, OpenWire, and STOMP.

The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE that allows attackers to execute arbitrary shell commands by exploiting class types in the OpenWire protocol.

According to Apache's disclosure on October 27, 2023, this vulnerability affects the following Apache ActiveMQ and Legacy OpenWire Module versions:

  • Versions before 5.18.3 in the 5.18.x series
  • Versions before 5.17.6 in the 5.17.x series
  • Versions before 5.16.7 in the 5.16.x series
  • All versions before 5.15.16

To address this issue, fixes have been released in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. It's recommended to upgrade to one of these versions to enhance your IT security.

Tags: #CyberSecurity #RCE #ApacheActiveMQ #Vulnerability #PatchNow #InfoSec #ServerSecurity #CVE202346604 🚨🔐

Source: BleepingComputer

Author: Bill Toulas

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.

BleepingComputer