Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Log4j (security vulnerability)

Apache Log4j is an open source Java-based logging utility. In late 2021, researchers discovered a critical vulnerability in Log4j.

The ‘Log4Shell’ bug has been described by one security expert as “another ‘flashbulb memory’ event in the timeline of significant vulnerabilities”.

The CVSS 10-rated vulnerability has a colossal attack surface extending downstream to countless applications, plugins, and packages.

Log4j’s ubiquity means the reverberations of the flaw will likely be felt for a long time to come.