A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as ...

Takeaway: Organizations of all types and sizes should actively manage exposure to loss due to the Log4j vulnerability. Doing so will not be easy. The Log4j program is present in so many applications ...

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...

In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s parent ...

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. The ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

Two weeks ago, the UK's National Health Service (NHS) issued a warning that an 'unknown threat group' is attempting to exploit a Log4j vulnerability (CVE-2021-44228) in VMware Horizon servers to ...