Two weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to warnings about vulnerabilities. While the remote code injection vulnerability [CVE-2026-34197] was revealed on April 7, according to statistics from the ShadowServer Foundation, there are still almost 6,500 unpatched instances of ActiveMQ open to being abused. “The fact that ShadowServer is still seeing 6,000+ unpatched boxes nearly two weeks later is just mind-blowing,” IT analyst Rob Enderle of the Enderle Group told...