Apache Software Foundation President David Nalley on Tuesday told the Senate Homeland Security & Government Affairs Committee it could take months, or even years, to fully eliminate the Log4j ...

The log4j vulnerability is a cybersecurity loop-hole that exploits a small, nearly ubiquitous piece of software called log4j, which is used for recording the activities of various computer programs.

Community driven content discussing all aspects of software development from DevOps to design patterns. In case you’ve been hiding under a rock – or perhaps hiding from endless yelping about security ...

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news ...

When was the last time your company’s software was updated? If it was more than six months ago, your cybernetwork is at serious risk of exposure by hackers and you may be at risk of not complying with ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...

Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year ...

In a recent poll by certification group (ISC) 2, 52% of security professionals said their teams collectively spent weeks or more than a month remediating the remote code execution vulnerability in the ...

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Attackers are trying to log in to SolarWinds Serv-U file-sharing ...