Log4Shell Downloaded 40 Million Times in 2025
Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug
A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actors’ favorite initial access vectors
Botnet Looks for Vulnerable Internal Network MachinesDelivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector. Log4Shell burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library.
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation.…
Two years after a critical vulnerability was found in utility Log4j, 38% of apps still use buggy versions
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. [...]
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year
Accept there are some risks you don’t control but which nonetheless you can’t ignore Sponsored Feature Friday the 10 of December 2021 is etched in the memory of many IT professionals, but not for reasons they will look back on with fondness. That was the day, just as most American workers were logging off for a long weekend, when a critical vulnerability in an obscure but essential piece of software code first came to widespread attention.…
Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.
In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.
Here’s how Wiz can help Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games.…
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.
Budworm leveraged the Log4j vulnerabilities to compromise the Apache Tomcat service on servers
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability’s long tail for remediation
It is the first campaign in which the hacker group exploits SysAid apps as a vector for initial access
Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software. [...]
The analysis provides fresh insights into the notorious Log4j vulnerability
Great, another thing that's gone endemic Organizations can expect risks associated with Log4j vulnerabilities for "a decade or longer," according to the US Department of Homeland Security.…