Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging ...

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments ...

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily exploited and ...

The Log4shell vulnerability was a weakness in the JNDI lookup functionality of Log4j2, between version 2.0 and 2.14. This allowed an attacker, who had control over what was printed in the logs (for ...

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote ...

On December 14, 2021, a zero-day vulnerability 'Log4Shell ' that allows Microsoft to execute remote code that existed in Java's Log4j library is used by government-affiliated hacking groups related to ...

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...

The threat actor known as Lazarus Group has been observed targeting the Log4Shell vulnerability (CVE-2021-44228) in a new series of attacks dubbed “Operation Blacksmith.” According to a new advisory ...