A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited.

Log4Shell is the latest hacker exploit rocking the internet, and it’s arguably the worst yet. The vulnerability is in an obscure piece of software used on millions of computers.

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s ...

By all accounts, though, the Log4j vulnerability—also known as Log4Shell—lives up to the hype for a host of reasons. First is the ubiquity of Log4j itself.

Log4j/Shell will remain a challenging and high-risk situation for organizations, particularly with nation-state and lower-skilled threat actors alike taking advantage of the flaw.

Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft A new China-based "double extortion" ransomware group has started exploiting the Log4Shell bug in VMware server ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.