The Apache Software Foundation's log4j logging library is one of the better logging systems around. It's both easier to use and more flexible than Java's built-in logging system. This article ...

According to the CSRB, Log4Shell is now "endemic" and is expected to affect systems until at least 2032. "Most importantly, however, the Log4j event is not over.

Almost a year on from Log4j's disclosure, a joint alert by CISA and the FBI warns organizations that if they haven't protected their systems against it yet, they really need to now.

“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said.

Another 3.8% use Log4j 2.17.0, which, although not vulnerable to Log4Shell, is susceptible to CVE-2021-44832, a remote code execution flaw that was fixed in version 2.17.1 of the framework.

China’s largest cloud service provider said it would improve compliance after it was disciplined by the government for failing to first report the Log4j vulnerability to Chinese authorities.

Log4j, a Java library, is omnipresent in the cyberuniverse, including in applications from Amazon, Microsoft, IBM, Google, Cisco, Twitter, Steam—and even the United States Cybersecurity and ...

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most ...

Hackers launch over 840,000 attacks through Log4J flaw Researchers claim Chinese government groups are among the perpetrators. Hannah Murphy, Financial Times – Dec 14, 2021 10:32 am | 112 ...

Log4j is an open source logging library that is widely used in enterprise software and cloud services. Many applications and services written in Java are potentially vulnerable to Log4Shell, ...