ZDNet

Log4Shell flaw: Still being used for crypto mining, botnet building... and Rickrolls

Log4Shell, the critical bug in Apache's widely used Log4j project, hasn't triggered the disaster that was feared, but it's still being exploited and predominantly from cloud computers in the US. The ...
ZDNet

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners

The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the ...
Bleeping Computer

Public interest in Log4Shell fades but attack surface remains

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...
InfoQ

Log4Shell Defenses: Java Agents in Conversation with Contrast Security’s Arshan Dabirsiaghi

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
TechCrunch

Study: 30% of Log4Shell instances remain unpatched

On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Java-based logging utility, was disclosed to the world and broke the internet. As the third most used ...
PC Magazine

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

I've been writing about tech, including everything from privacy and security to consumer electronics and startups, since 2011 for a variety of publications.
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
TechRepublic

Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in ...

Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode Your email has been sent Log4Shell was a cybersecurity wake up call across every industry, ...
Ars Technica

The Log4Shell 0-day, four days on: What is it, and how bad is it really?

Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the ...
Forbes

Getting Ready For The Next Log4Shell Vulnerability

Bernd Greifeneder is the CTO and Founder of Dynatrace, a software intelligence company that helps to simplify enterprise cloud complexity. Rarely has an obscure piece of open-source code captured the ...
Graham Cluley

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. In fact, I’ve ...
Dark Reading

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...