Just a few days ago, a zero-day vulnerability (CVE-2021-44228) was discovered in the well-known Apache Log4j logging library that allowed attackers full remote code execution. The Apache Software ...

Some of the attacks launched by exploiting the Log4j vulnerability include delivering cryptomining malware, along with delivering Cobalt Strike, a legitimate penetration-testing tool that cyber ...

APT35 is one of several state-backed hacking groups known to have been developing tools to exploit public-facing Java applications that use vulnerable versions of the Log4j error-logging component.

Log4j, an open source project, allows developers to control which log statements are output with arbitrary granularity. It's fully configurable at runtime by using external configuration files ...

Log4j is used by millions of websites and apps — and the software’s flaw potentially allows hackers to take control of systems by typing a simple line of code, according to cybersecurity experts.

Is Log4j still a threat? Around a month ago, the U.S. Cyber Safety Review Board’s report renewed interest in Log4j and attempted to dissect the true long-term impact of the vulnerability.

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.