A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

Understand the Log4j2 vulnerability and learn how you can tell (and what you should do) if your Gradle or Maven applications are exposed.

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.

ExtraHop threat researchers have observed attackers in the wild using encrypted traffic to avoid detection of Log4Shell attacks. This is consistent with the general trend of cyberattackers using ...

How to Detect Log4Shell Attacks in Encrypted Traffic To detect encrypted Log4Shell attacks, you have to be decrypting the right traffic.

JFrog releases multiple open source tools to help the developer community detect and remediate the Log4j vulnerability.

This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December ...

Researchers at two cybersecurity companies have detected hundreds of thousands of attempts to launch cyberattacks using the recently disclosed vulnerability in Log4j. The number of hacking ...