A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.

US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days.

Criminal groups and even suspected state-sponsored hacking groups continue to exploit a serious vulnerability in Apache Log4j with ransomware and other forms of malware. According to research from ...

House Energy and Commerce Committee leaders asked several federal agencies about mitigation efforts, following a previous CISA emergency directive about the vulnerability.

What some call the worst cybersecurity catastrophe of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.

Log4j is a programming code written in Java and created by volunteers within the Apache Software Foundation to run across a handful of platforms: Apple's macOS, Windows and Linux.

Understand the Log4j2 vulnerability and learn how you can tell (and what you should do) if your Gradle or Maven applications are exposed.

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

A vulnerability Log4j bug is causing Minecraft users to be exposed to potentially dangerous threats. Learn more about the issue.