Two weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to warnings about vulnerabilities.

While the remote code injection vulnerability [CVE-2026-34197] was revealed on April 7,…

Anthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade.

Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The researcher behind the work, Naveen Sunkavally, described the process as “80% Claude with 20% gift-wrapping by a human.”

The…