Tags log4shell

'Spring4Shell' bug in framework for Java programming draws widespread warnings

by Joe Warminsky

Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.

In studying tech supply chain, feds cite open source products, device firmware

by Joe Warminsky

The White House ordered Commerce and Homeland Security to examine weak spots in how the IT and communications industries produce hardware and software.

Google Cloud offers good news and bad news on Log4Shell, other issues

by AJ Vicens

Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.

CISA's new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

by Tonya Riley

Private-sector experts say that public-private threat sharing is key.

Chinese hackers use Log4j exploit to go after academic institution

by Tonya Riley

The attack is the latest strike by Chinese hackers using Log4j.

CISA, Five Eyes issue guidance meant to slow Log4Shell attacks

by Tonya Riley

The joint agencies "assess that exploitation of these vulnerabilities, especially Log4Shell, is likely to increase and continue over an extended period."