在这个影响软件供应链根基的问题被自动化工具攻克之前，预计将有更多由 Log4j 引发的问题出现。 Log4j 漏洞风波暂平，但下一场暴雷可能已经在 ...

在这起事件发生之前，就连 Apache Log4j 2 自身团队可能都没意识到，这么一个基于 Java 的日志框架影响范围竟有那么广。据前 Log4j 开发者、现 Apache ...

As a result, the MIIT suspended work with Alibaba Cloud, its cybersecurity threat intelligence partner, for six months because the company did not first report the Log4j bug to Chinese authorities.

Keep reading. Ditch Log4j 2.15: DNS exfiltration & RCE possible Log4j 2.15.0 might contain even more severe vulnerabilities than the ones discovered so far, which is why 2.16.0 is by far a safer bet.

As cybersecurity teams grapple with having to potentially patch their systems for a third time against Apache Log4j vulnerabilities, additional malware strains exploiting the flaws and an attack ...

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain.

"With Log4j, preventing the entire class of bugs that cause it is going to be hard with today's technology, but stuff like fuzzing and safe-by-default language/library design can help a lot.

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

The disclosure of the Log4j vulnerability has been met with a herculean response from security teams. But even still, the likelihood of ransomware attacks that trace back to the flaw is high ...