Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
Threat Post

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited ...
Dark Reading

Over 40% of Log4j Downloads Are Vulnerable Versions of the Software

Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
Dark Reading

New Log4j Attack Vector Discovered

Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security ...
Computer Weekly

Almost half of Log4j downloads still dangerously exposed

A month after the disclosure of CVE-2021-44228, aka Log4Shell, a critical vulnerability in the Apache Log4j Java package, up to 40% of new downloads are still at risk of compromise despite the ...