Bleeping Computer

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...
Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
ZDNet

Google unleashes security 'fuzzer' on Log4Shell bug in open source software

The remotely exploitable flaw in Log4j – the widely deployed Java error logging library -- is being attacked by multiple actors and likely will remain so for many ...
VentureBeat

Log4j vulnerabilities, malware strains multiply; major attack disclosed

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More As cybersecurity teams grapple with having to potentially patch their ...
Dark Reading

Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft

Security experts are now urging organizations to quickly update to a new version of the Log4j logging framework that the Apache Foundation released Tuesday because its original fix for a critical ...
Network World

Log4j flaw needs immediate remediation

After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they ...