Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...
ZDNet

Within hours of the Log4j flaw being revealed, these hackers were using it

A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j ...
Dark Reading

New Log4j Attack Vector Discovered

Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security ...
Computer Weekly

China’s APT41 exploited Log4j within hours

The Chinese advanced persistent threat (APT) actor tracked variously as APT41, Barium, Wicked Panda/Spider or Bronze Atlas was actively compromising victims via the Log4Shell vulnerability in Apache ...
ZDNet

Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft

Microsoft has confirmed that suspected China-based cyber criminals are targeting the Log4j 'Log4Shell' flaw in VMware's Horizon product to install NightSky, a new ransomware strain that emerged on ...