A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit If you've patched using Log4J 2.15.0, it's time to consider updating again. Stat.

The Apache Software Foundation published a new Log4j patch late on Friday after discovering issues with 2.16.

SINGAPORE - The Republic's national cyber-security watchdog on Friday (Dec 17) raised the alert level on the highly critical Log4j software security flaw that has been declared code red by experts ...

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news ...