The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...

Log4Shell is a vulnerability found in the feature 'JNDI Lookup' that has been included since version 2.0 beta 9 of Log4j, which dynamically reads a class file from any LDAP server with a specific ...

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments ...

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...

Mass exploitation of the Log4Shell – CVE-2021-44228 – vulnerability in Apache Log4j, which was first publicised in December 2021, has almost entirely failed to occur, after the prompt actions of ...

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote ...