Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
Bleeping Computer

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike ...
ZDNet

Security warning: New zero-day in the Log4j Java library is already being exploited

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...
Dark Reading

How Risky Is the Log4J Vulnerability?

There is no doubt that the recently publicized vulnerability in Log4j is a serious one and security teams should be spending time assessing the organization's exposure. The vulnerability, ...
Bleeping Computer

CISA releases Apache Log4j scanner to find vulnerable apps

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, ...