Tens of millions of downloads of the popular Java logging library Log4j this year were vulnerable to a CVSS 10.0-rated vulnerability that first surfaced four years ago, according to Sonatype. The ...

A new variant of an advanced botnet called "FritzFrog" has been spreading via Log4Shell. It's been more than two years since the critical vulnerability in Log4j was first unleashed unto this earth, ...

Security researchers have claimed that a vulnerability described as the biggest and most critical ever discovered was far less dangerous than first believed. Log4Shell was a critical, CVSS 10.0-rated ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is ...

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining ...

Security teams should be alert to the possibility of compromise arising from a vulnerability in Apache Commons Text that may put many organisations at risk, but is unlikely to be as impactful as ...

VMware's many and varied cybersecurity troubles just won't go away. The Cybersecurity and Infrastructure Security Agency (CISA) this week updated last month's advisory about threat actors continuing ...