Techzine Europe

Is React2Shell the new Log4Shell?

React Server Components contains a vulnerability that can be exploited on a large scale. To what extent is it similar to the ...
CSO Online

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.
Dark Reading

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further ...
Threat Post

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Jen Easterly, the director of the Cybersecurity and Infrastructure ...
CSOonline

Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft’s Patch Tuesday blunder

Vulnerability disclosures often come in bunches, and unvetted patch updates can create their own problems. Here's how to assess and prioritize both. The past few weeks left IT professionals ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
Bleeping Computer

Amazon Web Services fixes container escape in Log4Shell hotfix

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments ...
Diginomica

Is Log4j relevant to ERP managers? Yes, and we should prepare for the next security hack now

When the Log4j vulnerability news first came out, it seemed like a problem for overworked security experts. But as the patching crisis unfolded, many ERP managers spent their holidays on the job ...
ZDNet

Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list

During 2021, the top 15 vulnerabilities that were exploited -- as observed by the US Cybersecurity and Infrastructure Security Agency, US NSA, US FBI, the Australian Cyber Security Centre, the ...
VentureBeat

Spring Core vulnerability doesn’t seem to be Log4Shell all over again

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat. Security researchers at several organizations ...
ZDNet

Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...