Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Shadowserver says more than 6,400 internet-exposed Apache ActiveMQ servers are vulnerable to ongoing attacks exploiting CVE-2026-34197, a code injection flaw patched on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4. Because ActiveMQ is widely used for asynchronous messaging between Java applications, this is a practical patch-now issue for teams with exposed or business-critical deployments.
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Forescout disclosed 20 vulnerabilities in Lantronix and Silex serial-to-IP converters, devices used to bridge legacy serial equipment into Ethernet/IP networks across sectors including energy, utilities, healthcare, telecom, and transportation. SecurityWeek notes that nearly 20,000 such systems appear internet-exposed on Shodan, which matters because these converters can sit in front of legacy OT and clinical systems that were never designed for hostile network exposure.
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
Microsoft says the North Korean threat actor Sapphire Sleet is running a macOS-focused campaign that relies on social engineering rather than software exploits, impersonating legitimate software updates to trick users into launching malicious files. The goal is credential theft and crypto theft, and the tradecraft is notable because it sidesteps built-in macOS protections by pushing the victim to do the execution step themselves.
A single platform powers SIM farm proxy networks across 17 countries
An Infrawatch investigation found that a Belarusian platform called ProxySmart is powering SIM farm proxy infrastructure across at least 94 locations in 17 countries, including 19 U.S. states. These mobile proxy networks matter because they give criminals access to carrier-based IP space that can be used for account fraud, evasion, large-scale abuse of online platforms, and other activity that blends in better than traditional datacenter infrastructure.
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
A British national pleaded guilty in U.S. federal court to conspiracy to commit wire fraud and aggravated identity theft in a campaign prosecutors say stole at least $8 million in cryptocurrency. The case is worth tracking because prosecutors tie him to the Scattered Spider ecosystem, which has repeatedly shown how effective native-English social engineering, identity abuse, and help-desk-style intrusion tactics can be against large enterprises.
The post InfoSec News Nuggets 04/21/2026 appeared first on AboutDFIR – The Definitive Compendium Project.