A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as ...

Takeaway: Organizations of all types and sizes should actively manage exposure to loss due to the Log4j vulnerability. Doing so will not be easy. The Log4j program is present in so many applications ...

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. The ...

In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s parent ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

Two weeks ago, the UK's National Health Service (NHS) issued a warning that an 'unknown threat group' is attempting to exploit a Log4j vulnerability (CVE-2021-44228) in VMware Horizon servers to ...

An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. Security analysts ...