The Log4j exploit, called Log4Shell or CVE-2021-44228 by some, has been in the news this past few weeks. It’s bad! It’s everywhere! But just what is it, really? How did it make its way onto ...

The patch from Log4J basically disables the local mechanism and makes it a default configuration, unless people explicitly say we actually want to use that local mechanism.

In fact, 60.8 percent of all Java-based applications use Log4j in some sort of third-party application, but it’s often buried under layers of other software. According to U.S. cybersecurity officials, ...

Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...

Active attempts to exploit Log4j For cyber criminals, exploiting this tool’s vulnerability is like shooting fish in a barrel because it’s so widespread.

Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future.

Two MSPs who were not impacted still took the vulnerability as serious as possible, saying you must stay ready and assume the vulnerability is there.

A year since SolarWinds set the security world on fire, the Log4j vulnerability is the latest exploit with the potential to incur significant economic and national security harm. These exploits ...

A vulnerability in a widely used Apache library has caused Internet-wide chaos—and the trouble may just be starting.