这几天，Apache Log4j 2 绝对是众多 Java 程序员提到的高频词之一：由于 Apache Log4j 2 引发的严重安全漏洞，令一大批安全人员深夜修 Bug、打补丁。

在这个影响软件供应链根基的问题被自动化工具攻克之前，预计将有更多由 Log4j 引发的问题出现。 Log4j 漏洞风波暂平，但下一场暴雷可能已经在路上。

比利时政府官员公开承认遭到近期曝光的 Apache Log4j 漏洞网络攻击。本次攻击导致比利时国防部的部分计算机网络自周四以来一直处于关闭状态。

In December 2021, a critical vulnerability known as Log4Shell (CVE-2021-44228) was discovered in the widely-used Apache Log4j logging library. This flaw allowed attackers to execute arbitrary code on ...

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...

The vulnerability, which was reported late last week, is in Java-based software known as “Log4j” that large organizations use to configure their applications – and it poses potential risks ...

The vulnerability, which was reported late last week, is in Java-based software known as “Log4j” that large organizations use to configure their applications – and it poses potential risks ...

Over the weekend, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released a statement on what has become known as the "Log4j" vulnerability ...

Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...