Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
Threat Post

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited ...
InfoWorld

How developers scrambled to secure the Log4j vulnerability

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess. Last weekend, the internet caught fire, ...
Bleeping Computer

Log4j: List of vulnerable products and vendor advisories

News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. Log4j is an open-source Java logging framework ...
CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...
Dark Reading

What to Do While Waiting for the Log4j Updates

Researchers are warning that attackers are actively exploiting the newly publicized unauthenticated remote code execution vulnerability in Log4j, the Java-based logging tool from Apache. While the ...