在这起事件发生之前，就连 Apache Log4j 2 自身团队可能都没意识到，这么一个基于 Java 的日志框架影响范围竟有那么广。据前 Log4j 开发者、现 Apache ...

在这个影响软件供应链根基的问题被自动化工具攻克之前，预计将有更多由 Log4j 引发的问题出现。 Log4j 漏洞风波暂平，但下一场暴雷可能已经在 ...

近日，Apache Log4j 漏洞再次曝光3个高危漏洞，评级均在高危以上。 自2021年12月7日公开，Apache Log4j 漏洞被认为是“2021年最重要的安全威胁之一”，称 ...

Keep reading. Ditch Log4j 2.15: DNS exfiltration & RCE possible Log4j 2.15.0 might contain even more severe vulnerabilities than the ones discovered so far, which is why 2.16.0 is by far a safer bet.

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited. Photograph: zf L/Getty Images ...

Log4j is used by millions of websites and apps — and the software’s flaw potentially allows hackers to take control of systems by typing a simple line of code, according to cybersecurity experts.

China’s internet security regulator has disciplined Alibaba Group Holding ’s cloud computing services unit for failing to first report to the government a critical vulnerability in Apache’s ...

Log4j is everywhere One of the major concerns about Log4Shell is Log4j’s position in the software ecosystem. Logging is a fundamental feature of most software, which makes Log4j very widespread.

"With Log4j, preventing the entire class of bugs that cause it is going to be hard with today's technology, but stuff like fuzzing and safe-by-default language/library design can help a lot.

Unfortunately, Log4j will likely remain an issue through 2022 and beyond – we're probably only scratching the surface of the risk and the hacking campaigns that will attempt to exploit this ...

Peter Membrey, chief architect of ExpressVPN, remembers vividly seeing the news of the Log4j vulnerability break online. “As soon as I saw how you could exploit it, it was horrifying,” says ...