Wired

A Log4J Vulnerability Has Set the Internet 'On Fire'

A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as ...
Bleeping Computer

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS

All set for the weekend? Not so fast. Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security ...
Developer Tech

Log4j downloads shows supply chain wake-up call ignored

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn't the wake-up call it should have been.
Bleeping Computer

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...
The Next Web

The Log4j bug exposes a bigger issue: Open-source funding (Updated)

Update (December 14 ,2021): We’ve updated this article with information about the new Log4j version release, along with new exploit vectors, and risks related to all Java versions. While you were ...