Graham Cluley

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. In fact, I’ve received so many emails from PR agencies ...
Dark Reading

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...
Computer Weekly

Log4Shell: How friendly hackers rose to the challenge

Imagine the scene: a severe vulnerability emerges that affects organisations worldwide, allowing unauthorised access to highly sensitive data. This scenario happened in late 2021 when a popular open ...
ZDNet

Log4Shell flaw: Still being used for crypto mining, botnet building... and Rickrolls

Log4Shell, the critical bug in Apache's widely used Log4j project, hasn't triggered the disaster that was feared, but it's still being exploited and predominantly from cloud computers in the US. The ...
Daily Mail

Chinese hackers are exploiting 'fully weaponised' software vulnerability which is causing 'mayhem on the web' and poses a threat to internet-connected devices worldwide ...

Chinese hackers are already exploiting a 'fully weaponised' software vulnerability which is causing mayhem on the web, with experts warning that it is the 'most serious' threat they have seen in ...
Threat Post

Brand-New Log4Shell Attack Vector Threatens Local Hosts

The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities. Defenders will once again be busy ...
Bleeping Computer

Public interest in Log4Shell fades but attack surface remains

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...
Threat Post

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has identified 32 ...
ZDNet

Google unleashes security 'fuzzer' on Log4Shell bug in open source software

The remotely exploitable flaw in Log4j – the widely deployed Java error logging library -- is being attacked by multiple actors and likely will remain so for many ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...
Computer Weekly

Almost half of networks probed for Log4Shell weaknesses

Close to half of corporate networks around the world have now been actively probed by malicious actors trying to find a way to exploit CVE-2021-44228, aka Log4Shell remote code execution (RCE) ...
PC Magazine

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

Huntress reports that attackers have started to exploit the Log4Shell vulnerabilities revealed in December 2021 on servers running VMware Horizon to deploy Cobalt Strike. Log4Shell refers to several ...