Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

Criminal groups and even suspected state-sponsored hacking groups continue to exploit a serious vulnerability in Apache Log4j with ransomware and other forms of malware. According to research from ...

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...

A new Apache Log4j vulnerability and a major attack on a military body using Log4Shell have come to light as security teams work to patch.

Apache Software Foundation President David Nalley on Tuesday told the Senate Homeland Security & Government Affairs Committee it could take months, or even years, to fully eliminate the Log4j ...

The cybersecurity world has been on edge since the Apache Log4j vulnerability was first publicly disclosed on Dec. 9. It is one of the most serious cyber risks since the 2017 WannaCry global ...

The Log4j vulnerability has led to few major cyber attacks so far, Sophos found. But attacks via Log4Shell could occur well into the future.

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability ...

Members of the nonprofit Apache Software Foundation are racing to fix a potentially disastrous bug in the free, open-source Log4j tool, which has been downloaded millions of times.

The U.S. Food and Drug Administration (FDA) warned Friday that widespread cybersecurity vulnerabilities in commonly used software could affect medical devices by allowing unauthorized users to ...