Content Paint

log4j

Log4J at 1: A third of downloads still vulnerable to RCE

A year after a critical vulnerability in a ubiquitous piece of open source software, Log4J, set off what The Stack described at the time as an “internet cluster bomb”, nearly 40% of downloads of the popular open source java logging library are still of the vulnerable version – despite the high

The 10 most-exploited vulnerabilities of 2021: Not patched? Likely pwned...

Attackers continue to accelerate their weaponisation of newly-discovered flaws, the Five Eyes list of most-exploited vulnerabilities of 2021 shows. Contrary to some reports suggesting fears of mass-exploitation had been over-indexed, the flaw in Log4j joined the most widely-exploited vulnerabilities last year, despite only being discovered at the year's

CrowdStrike names Turkey and Colombia as significant new sources of cyber-attacks

New state actors, labelled Wolf and Ocelot, identified in threat report

Log4j DIDN’t result in mass abuse – but VMware Horizon attacks continue

"Only a handful of customers faced attempted intrusions where Log4j was... the initial entry point

Microsoft security update sets klaxons blaring in... Microsoft Defender

Microsoft flags one of its own processes as sensor tampering.

Bug in Log4j 2.15.0 also RCE: Severity raised to 9.0

Whac-that-mole...

VMware vCenter “trivial to exploit” using Log4Shell, POC available

"All VCenter instances trivially exploitable by a remote and unauthenticated attacker."

Critical bug in ubiquitous Java framework sets off an internet cluster bomb

AWS, Red Hat, VMware, more affected with pre-auth RCE exploits circulating

Search the site

Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.