A critical vulnerability has been discovered in Apache Log4j 2, an open source Java package used to enable logging in many popular applications, and it can be exploited to enable remote code ...

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

The Apache Software Foundation recently announced the General Availability of Log4j 2.0, containing many performance improvements over its predecessor Log4j 1.x. Years in the making, this release ...

The Apache Software Foundation published a new Log4j patch late on Friday after discovering issues with 2.16.

A hacking risk discovered last month within the widely used Apache Log4j logging tool has been labeled “the single biggest, most critical vulnerability of the last decade” by the CEO of ...

Apache can’t seem to catch a break with Java-based logging utility Log4j, as a third major vulnerability has now been discovered. On Friday, the Apache Software Foundation (ASF) published an ...

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...