The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
The Record

The Apache Log4j team talks about the Log4Shell patching process

On December 9, 2021, the internet learned of a major security bug in a little-known Java library named Apache Log4j. This little bug—codenamed Log4Shell—had one of the most significant impacts on the ...
CSOonline

React2Shell is the Log4j moment for front end development

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
Cloud Security Alliance

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection ...
GitHub

Regression in Log4j 2.22.0 on Android because of changes to getThreadContextClassLoader() in LoaderUtil

When upgrading an Android Application which has a transitive dependency on Log4j from log4j-core 2.21.1 to 2.22.0, it fails with an exception because it seems the method AccessController.doPrivileged( ...
CSOonline

Lazarus APT attack campaign shows Log4Shell exploitation remains popular

The ongoing attack targets manufacturing, agricultural, and physical security organizations that have yet to fix vulnerabilities in the Log4j code. Despite receiving a patch two years ago, the ...
Bleeping Computer

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
What's on Netflix

Doona! Season 2 on Netflix: What We Know So Far

In the first season of Doona! Bae Suzy and Yang Se Jong gave two excellent performances. We’re sure fans would love to see the pair reunite for a second season, but given how the first season has ...
GitHub

Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while ...

Users should refer to Maven, Ivy, Gradle, and SBT Artifacts on the Log4j website for instructions on how to include Log4j into their project using their chosen build tool.
Infosecurity-magazine.com

Lessons Learned: The Log4J Vulnerability 12 Months On

It was a shock to all in cybersecurity as Java and the Log4j open-source logging library are prevalent, commonly used across software applications and online services. The issue quickly came to the ...
Wired

A Year Later, That Brutal Log4J Vulnerability Is Still Lurking

A year ago, as Russia amassed troops at its border with Ukraine and the Covid-19 Omicron variant began to surge around the world, the Apache Software Foundation disclosed a vulnerability that set off ...