The Hacker News

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

China-linked hackers exploited multiple CVEs in April 2025 to target global entities with advanced persistence.
SDxCentral

‘Very Few Will Escape’ Log4j, Threat Researchers Say

Cybersecurity professionals and IT vendors spent the weekend scrambling to shore up systems before hackers exploited a zero-day vulnerability in the popular Apache Log4j open source logging tool.
Infosecurity-magazine.com

Two-Fifths of Log4j Apps Use Vulnerable Versions

Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor ...
Dark Reading

Process to Verify Software Was Built Securely Begins Today

Starting June 11 — today — US government contractors providing software that is considered part of the critical infrastructure will need to fill out a form asserting that their software followed ...
CSOonline

Cloudflare report: Log4j remains top target for attacks in 2023

Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year ...
Infosecurity-magazine.com

Impact of Log4Shell Bug Was Overblown, Say Researchers

Security researchers have claimed that a vulnerability described as the biggest and most critical ever discovered was far less dangerous than first believed. Log4Shell was a critical, CVSS 10.0-rated ...