Graham Cluley

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. In fact, I’ve received so many emails from PR agencies ...
Computer Weekly

Log4Shell: How friendly hackers rose to the challenge

Imagine the scene: a severe vulnerability emerges that affects organisations worldwide, allowing unauthorised access to highly sensitive data. This scenario happened in late 2021 when a popular open ...
Threat Post

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has identified 32 ...
Computer Weekly

What is Log4Shell, and why are we panicking about it?

The so-called Log4Shell vulnerability in the Apache Log4j2 Java-based logging library has been described variously as “probably the most critical vulnerability we have seen this year” by Qualys’s ...
Threat Post

Brand-New Log4Shell Attack Vector Threatens Local Hosts

The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities. Defenders will once again be busy ...
ZDNet

Log4Shell flaw: Still being used for crypto mining, botnet building... and Rickrolls

Log4Shell, the critical bug in Apache's widely used Log4j project, hasn't triggered the disaster that was feared, but it's still being exploited and predominantly from cloud computers in the US. The ...
Bleeping Computer

Public interest in Log4Shell fades but attack surface remains

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...
VentureBeat

CISA warns that Log4Shell remains a threat

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Last week, the Cybersecurity and Infrastructure Security Agency (CISA) ...
ZDNet

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners

The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the ...
Daily Mail

Chinese hackers are exploiting 'fully weaponised' software vulnerability which is causing 'mayhem on the web' and poses a threat to internet-connected devices worldwide ...

Chinese hackers are already exploiting a 'fully weaponised' software vulnerability which is causing mayhem on the web, with experts warning that it is the 'most serious' threat they have seen in ...
PC Magazine

Hackers Exploit Log4Shell to Infect VMware Horizon Servers

I've been writing about tech, including everything from privacy and security to consumer electronics and startups, since 2011 for a variety of publications.
Dark Reading

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...