Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike ...

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...

A critical flaw in a popularly used Java library is being exploited by malicious actors to deliver malware, while security researchers are scanning for vulnerable servers. The flaw and a ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that’s used in countless apps, including those used by large enterprise organizations ...

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw. A ...

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess. Last weekend, the internet caught fire, ...

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Researchers discovered a bug related to the Log4J logging library ...