Wherever you find Log4j, you need to update it to the latest 2.15.0 version patch. Here is a list of software that has an identified Log4j Shell vulnerability and the corresponding remedial measure.

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited.

Log4Shell is the latest hacker exploit rocking the internet, and it’s arguably the worst yet. The vulnerability is in an obscure piece of software used on millions of computers.

In late November, a cloud-security researcher for Chinese tech giant Alibaba discovered a flaw in a popular open-source coding framework called Log4j. The employee quickly notified Log4j’s ...

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

By all accounts, though, the Log4j vulnerability—also known as Log4Shell—lives up to the hype for a host of reasons. First is the ubiquity of Log4j itself.

Log4j/Shell will remain a challenging and high-risk situation for organizations, particularly with nation-state and lower-skilled threat actors alike taking advantage of the flaw.

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.

Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft A new China-based "double extortion" ransomware group has started exploiting the Log4Shell bug in VMware server ...