Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
The Conversation

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
CBS News

Nightmare before Christmas: What to know about the Log4j vulnerability

A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
CRN

10 Technology Vendors Affected By The Log4j Vulnerability

Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
Bleeping Computer

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...
ZDNet

Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability

Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute, security researchers have warned. The Log4j flaw ...
ABC News

New cyber vulnerability poses 'severe risk,' DHS says

The vulnerability is linked to a commonly used piece of software called Log4j. Late Saturday, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued an ...
Ars Technica

Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that’s used in countless apps, including those used by large enterprise organizations ...