Threat Post

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...
ZDNet

Not patched Log4j yet? Assume attackers are in your network, say CISA and FBI

A joint security alert by CISA and the FBI has warned organizations that haven't applied much-needed Log4j security patches and mitigations to VMware Horizon server instances to assume their network ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...