Axios on MSN

Why hackers love the holidays

As offices go quiet between Christmas and New Year's, security teams brace for a busy stretch fending off hackers. Why it matters: Malicious hackers are opportunistic — and what's better than ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
CIO

Ctrl + Alt + Delusion: “The Net” 30 years later

As “The Net” celebrates its 30th anniversary in the annals of cinema history, I decided to revisit this slice of Americana ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Security Boulevard

Microsoft Expands its Bug Bounty Program to Include Third-Party Code

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover ...
The Hacker News

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories

The latest ThreatsDay Bulletin breaks down the week’s biggest stories — rootkits evading Windows, Docker leaks, AI risks and global surveillance moves ...
Infosecurity-magazine.com

Two-Fifths of Log4j Apps Use Vulnerable Versions

Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
TechCrunch

Software supply chain security is broader than SolarWinds and Log4J

SolarWinds and Log4j have made software supply chain security issues a topic of intense interest and scrutiny for businesses and governments alike. SolarWinds was a terrifying example of what can go ...
Security Systems News

Tag: Log4j

WASHINGTON, D.C. – New bipartisan legislation introduced on Sept. 22, 2022, seeks to protect critical infrastructure through strengthening the security of open source software (OSS). The Securing Open ...
TechCrunch

North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Details of this ...