Vulnerable log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.

Vulnerable Log4j code can be found in products from identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and Sophos.

Log4j is used by millions of websites and apps — and the software’s flaw potentially allows hackers to take control of systems by typing a simple line of code, according to cybersecurity experts.

To do so, the Log4j server has to communicate with the server holding the real names. Unfortunately, this kind of code can be used for more than just formatting log messages.

Log4j is part of the Java programming language used in writing software since the mid-1990s. Software running Log4j code drives enterprise and consumer applications everywhere.

Log4j flaw: The threat isn't over yet An early analysis of Log4Shell suggests quick action by tech vendors and open-source software developers averted a crisis.

The Log4J saga has caused many organizations to reconsider their zero-day rapid response plan. Our new executive summary gives a general, easy-to-understand overview of the Log4J vulnerability ...

An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution (RCE) and complete server takeover — and it’s being ...

Log4J epitomizes the garbage-in, garbage-out problem of open source software: If you’re grabbing no-warranties code from the internet, there are going to be bugs, and some of these bugs will be ...

Dec. 5, Log4j 2.15.0-RC2 is released, which restricted protocols previously allowed, but it also still enables attacks using so-called "gadget chain" code within Log4j.

This past Thursday, December 9th, a 0-day exploit in the Java logging library, log4j (version 2) was discovered. This vulnerability results in Remote Code Execution by logging a certain string.

Earlier this month, cybersecurity experts found that by asking Log4j to log a line of malicious code, Log4j executes that code in the process. This gives bad actors access to controlling servers that ...