News

Threat Post3y

Java Code Repository Riddled with Hidden Log4j Bugs; Here's Where to ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
Bleeping Computer3y

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most ...
ZDNet3y

Security warning: New zero-day in the Log4j Java library is already ...

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.
ZDNet3y

Log4j RCE activity began on December 1 as botnets start using ...

The usage of the nasty vulnerability in the Java logging library Apache Log4j that allowed unauthenticated remote code execution could have kicked off as early as December 1. "Earliest evidence we ...