Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
Dark Reading

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November — even though the number of publicly ...
CSOonline

Cloudflare report: Log4j remains top target for attacks in 2023

Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year ...
Homeland Security Today

PERSPECTIVE: Why the December 2021 Log4j Event Remains Top of Mind for Cyber Professionals

The Cyber Safety Review Board (CSRB), created in 2021 to review major cyber events, released a report last summer recapping the 2021 discovery of the Log4j vulnerability. Its disclosure triggered a ...
Forbes

Application Security Predictions For 2023

JP oversees the Research and Innovation teams that keep Onapsis on the cutting-edge of the business-critical application security market. In 2021, we commenced the year reeling from the aftermath of ...
Infosecurity-magazine.com

Over a Year of Log4j Lingering: Why We Need to Stop Viewing High-Severity Breaches as Anomalies

More than a year after the news broke in December 2021, the Log4j vulnerability, or Log4Shell to some, remains one of the most prolific cybersecurity incidents of our time. Still causing chaos for ...
Computer Weekly

Vulnerability exploitation volumes up over 50% in 2022

Driven by significant cyber security disclosures affecting supply chain dependencies, such as Log4j and Realtek, threat actors have vastly increased their use of vulnerabilities as a means to work ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
ZDNet

We are still failing to learn the most important lesson in cybersecurity. That needs to change, fast

One year ago, a newly discovered zero-day vulnerability rocked the world of cybersecurity, but 12 months on, there are clear signs that vital lessons haven't been learned. The catchily-titled CVE-2021 ...