
Topic > Log4j vulnerability


Ransomware attackers finding new ways to weaponize old vulnerabilities

Why developer-first security is needed from the start, from DevSecOps pioneer Snyk

Don’t leave open source open to vulnerabilities

Community
Cybersecurity and the Pareto Principle: The future of zero-day preparedness

Don’t ignore Spring4Shell. But there’s still no sign it’s widespread

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

GreyNoise launches free tool to protect against ‘scary’ vulnerabilities like Log4j

Report: Cybersecurity teams need nearly 100 days to develop threat defenses

Mandiant reminds us: Don’t forget about Log4j

Report: 50% of all web applications were vulnerable to attacks in 2021

The challenges of community- vs vendor-led open source software

Lacework expands capabilities for fixing Log4j flaw

Major attacks using Log4j vulnerability ‘lower than expected’

Community
The Log4Shell vulnerability: A postmortem

Accidental exposure of sensitive data has been surging, Bugcrowd finds

Device42 aims to identify Log4j vulnerabilities

Guest
Why your organization needs a software bill of materials

Patching Log4j to version 2.17.1 can probably wait

China-based group used Log4j flaw in attack, CrowdStrike says

Microsoft investigating Defender issue with Log4j scanner

Open source security leader Brian Behlendorf discusses the impact of Log4j

Microsoft launches new Defender capabilities for fixing Log4j

2021: A year in open source

Log4j flaw gets big attention from ‘ruthless’ ransomware gang

Second ransomware family exploiting Log4j spotted in U.S., Europe

Log4j vulnerabilities, malware strains multiply; major attack disclosed

Log4j vulnerability opened the door to the ransomware operators

Community
How to detect whether you have the Log4j2 vulnerability

As Log4j sent defenders scrambling, this startup made its threat data free

With Log4j vulnerability, the full impact has yet to come

Microsoft confirms new ransomware family deployed via Log4j vulnerability

Microsoft: Ransomware ‘access brokers’ now exploiting Log4j vulnerability

Log4j exploits attempted on 44% of corporate networks; ransomware payloads spotted

‘Less obvious’ uses of Log4j pose a major risk

Log4j exploits suggest attackers gearing up for ransomware

Microsoft: Log4j exploits extend past crypto mining to outright theft

‘Vaccine’ against Log4Shell vulnerability has potential — and limitations
