A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited.

In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s ...

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor.

Log4j/Shell will remain a challenging and high-risk situation for organizations, particularly with nation-state and lower-skilled threat actors alike taking advantage of the flaw.

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.

Late last week, cybersecurity firm LunaSec uncovered a critical vulnerability in the open-source Log4j library that could give hackers the ability to run malicious code on remote servers ...