Threat Post

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...
CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...
Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
Dark Reading

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Microsoft this week warned organizations about the high potential for threat actors to expand the use of the recently discovered remote code execution (RCE) vulnerabilities in the Apache Log4j logging ...
ZDNet

Security company offers Log4j 'vaccine' for systems that can't be updated immediately

It is freely available on GitHub and Cybereason said it "is a relatively simple fix that requires only basic Java skills to implement." "In short, the fix uses the vulnerability itself to set the flag ...
CRN

The Log4J Vulnerability: News And Analysis

The critical vulnerability disclosed Dec. 10 in Java logging package Log4j has sent shockwaves throughout the industry given how frequently that open-source library is used to develop enterprise ...