#Log4Shell

@cvedatabase.bsky.social

3 weeks ago

🔍 CVE-2021-44228 (Log4Shell)
Three years later, Log4Shell is still being scanned for on the internet every single day.
Why?
Legacy Java apps
Forgotten containers
Vendors who never backported fixes

👉 Breakdown & mitigation:
cvedatabase.com/cve/CVE-2021...
#CVE #Log4Shell #CyberSecurity

Carolina Code Conference

@codescarolina.bsky.social

3 weeks ago

Software Composition Analysis: Protecting Against Log4Shell #shorts Discover how software composition analysis can help prevent Log4Shell-like attacks. Learn how it could've helped your organization avoid the scramble. #Log4Shell #SoftwareAnalysis #Cybersecurity #Vulnerability

ICYMI: Software Composition Analysis: Protecting Against Log4Shell #shorts: Discover how software composition analysis can help prevent Log4Shell-like attacks. Learn how it could've helped your organization avoid the scramble. #Log4Shell #SoftwareAnalysis #Cybersecurity #Vulnerability

Carolina Code Conference

@codescarolina.bsky.social

1 month ago

Software Composition Analysis: Protecting Against Log4Shell #shorts Discover how software composition analysis can help prevent Log4Shell-like attacks. Learn how it could've helped your organization avoid the scramble. #Log4Shell #SoftwareAnalysis #Cybersecurity #Vulnerability

Software Composition Analysis: Protecting Against Log4Shell #shorts: Discover how software composition analysis can help prevent Log4Shell-like attacks. Learn how it could've helped your organization avoid the scramble. #Log4Shell #SoftwareAnalysis #Cybersecurity #Vulnerability

Rob Rosenberger

@vmyths.bsky.social

2 months ago

FTR my #EICAR & #Log4Shell #antivirus vehicle QR codes had nothing to do with this pileup

Jan Schaumann

@jschauma.mstdn.social.ap.brid.gy

2 months ago

For my fellow Log4j victims celebrating 4 years #log4shell PTSD: CVE-2025-68161

"The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2 […]

Carolina Code Conference

@codescarolina.bsky.social

2 months ago

Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security #cybersecurity #Dependabot #vulnerability

FYI: Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts: When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security…

Pentest-Tools.com

@pentest-tools.com

3 months ago

We haven't seen a CVSS 10.0 this scary since #Log4Shell. 🚨

Everyone talks about detecting #React2Shell (CVE-2025-55182). But detection based on banner grabbing is just a guess.

To truly know if you're exposed, you need to validate it.

So we launched the exploit.

Red Hot Cyber

@redhotcyber.bsky.social

3 months ago

React2Shell = Log4shell: 87.000 server in Italia a rischio compromissione

📌 Link all'articolo : www.redhotcyber.com/post/rea...

#redhotcyber #news #cybersecurity #hacking #malware #ransomware #log4shell #vulnerabilita #serverarischio #hacker

Carolina Code Conference

@codescarolina.bsky.social

3 months ago

Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security #cybersecurity #Dependabot #vulnerability

ICYMI: Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts: When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security…

Carolina Code Conference

@codescarolina.bsky.social

4 months ago

Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security #cybersecurity #Dependabot #vulnerability

Log4Shell: 4 Years Later, Are You Still Vulnerable? #shorts: When the Log4Shell attack hit, teams scrambled. Older Log4j versions needed manual workarounds. What if a bot could try upgrades and run tests? Teams with test suites stay up-to-date, owning their security. #Log4Shell #security…

@thegoofyguys.bsky.social

4 months ago

Zero-Day Explained: The Invisible War Between Hackers and Developers What if there was a secret master key that could unlock millions of digital doors, and only a handful of people knew it existed? That's a "zero-day"—a hidden flaw in the software we use every day. From the moment it's discovered, a silent, high-stakes race begins between those who would weaponize it and those scrambling to fix it. Welcome to "Zero-Day to Mainstream." In this episode, we reveal the secret lifecycle of a software vulnerability. You'll follow a flaw's journey from its discovery by an ethical hacker, to its weaponization by cybercriminals, and finally, to the frantic global effort to create and deploy a patch. We'll decode the jargon (what is a CVE?), explore the murky world of the zero-day market, and understand the race against time that determines the safety of our digital world. How secure is the software you're using right now?

📣 New Podcast! "Zero-Day Explained: The Invisible War Between Hackers and Developers" on @Spreaker #infosec #attack #bounty #bug #cve #cyber #cybersecurity #data #exploit #hacking #hat #information #log4shell #news #patching #security #tech #vulnerability #white #zero_day

Christian Grobmeier

@grobmeier.de

4 months ago

From Log4Shell to the Sovereign Tech Fund: Lessons in Open Source Sustainability Podcast-Folge · The GitHub Podcast · 21.10.2025 · 31 Min.

Only a few days ago, I joined Abby and Felix Reda on the Github Podcast—to talk about funding in #opensource that we have received from @sovereign.tech

podcasts.apple.com/de/podcast/f...

#java #log4j #log4shell

Alvin Ashcraft

@alvinashcraft.com

4 months ago

From Log4Shell to the Sovereign Tech Fund: Lessons in Open Source Sustainability | The GitHub Podcast In this episode of the GitHub Podcast, Abby sits down with Felix Reda, Director of Developer Policy at GitHub, and Christian Grobmeier, a longtime Log4J maintainer, to reflect on the aftermath of the…

GitHub Podcast Episode 41 - From Log4Shell to the Sovereign Tech Fund: Lessons in Open-Source Sustainability

buff.ly/VNda5qM

#podcast #github #log4shell #security #oss #devcommunity

Christian Grobmeier

@grobmeier.de

4 months ago

I never imagined GitHub would ask me to speak about #Log4Shell.
But it happened.

@github.com asked me to share the story as I lived it, for the benefit of users of #opensource. How could I say no?

I hope it helps build a more secure future.
No more Log4Shell.

#java

Twuai

@twuai.bsky.social

5 months ago

Top common vulnerabilities 2021 | How to exploit them including log4shell 🔥 | Proof of Concept In this video, Top common vulnerabilities 2021 along with POC in step-by-step manner. 🔔 Subscribe to our YouTube channel 👇 https://www.youtube.com/c/Cyberskills99?sub_confirmation=1 #cve #exploited...

Top common vulnerabilities 2021 | How to exploit them including log4shell 🔥 | Proof of Concept
twuai.com/search/opMhW...
#cybersecurity #infosec #cve #vulnerabilities #log4shell #exploiting #howto

InfoQ

@infoq.com

5 months ago

Most organizations use #OpenSource without knowing what’s inside. When a zero-day vulnerability like #Log4Shell hits, that turns a bug into a crisis.

🎧 This #InfoQ #podcast unpacks the EU Cyber Resilience Act and its impact on open-source projects: bit.ly/42QfLQh

#Security #SoftwareSupplyChain

Christian Grobmeier

@grobmeier.de

5 months ago

Java Logging - Christian Grobmeier Logging is a must-know skill for Java developers. Logging is the art of making things visible—and when your codebase crashes at 5PM Friday you’ll want all the data you can get about your application!...

I dreamed of writing a "#Java Logging" book after #Log4shell hit.

Today I’m proud to share:
@manning.com just launched it in MEAP.

Hard to describe what that means—a circle closes.

Until Oct 2: 50% off:
hubs.la/Q03Jv97v0

#log4j #java #logback #slf4j

Nikos Vaggalis

@nikosvg.bsky.social

6 months ago

Prevent The Next Log4Shell - A Call To Action
"Open Source Economy is a new nonprofit organization formed by maintainers of several critical #Java libraries to build a safer, stronger Java ecosystem and avert incidents such as #Log4Shell "

On IProgrammer ▶️https://cutt.ly/8rVlMxlj

#jvm #opensdk

Twuai

@twuai.bsky.social

6 months ago

Exploits Explained: How Log4j, Buffer Overflows and Other Exploits Work Exploits represent any piece of code, data or sequence of commands that targets a vulnerable application for the purpose of gaining unauthorized access. Log4j is one of the most popular recent exploit...

Exploits Explained: How Log4j, Buffer Overflows and Other Exploits Work twuai.com/search/PwQlE...
#hacking101 #exploiting #shellcoding #payload #asm #debugging #lowlevel #assembly #clang #java #arm #BoF #heap #cyberattacks #heapspraying #ropgadgets #retlibc #ldap #log4shell

Jfokus

@jfokus.se

1 year ago

Thrilled to share Aman Sharma's quickie at #Jfokus 2025: "Securing Software Supply Chain at Runtime" 🔒

Learn how runtime tools can prevent attacks like #Log4Shell by stopping malicious code in its tracks. A must-see for anyone tackling supply chain vulnerabilities! 🚀

#Java

キタきつね

@kitafox.bsky.social

1 year ago

What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches…

ゼロデイ脆弱性とは？悪用や攻撃を防ぐ

What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks #SecurityBoulevard (Dec 12)

#ゼロデイ脆弱性 #サイバー攻撃 #セキュリティ対策 #Log4Shell #多層防御

Retro Computing MX

@retrocompmx.bsky.social

1 year ago

publicando un código de explotación en GitHub.
Afectó en forma drástica a los servidores de Minecraft, Cloudflare, Microsoft y Amazon.
#retrocomputingmx #Log4Shell #vulnerability

Retro Computing MX

@retrocompmx.bsky.social

1 year ago

Esta, otorga a los hackers acceso y control total de los dispositivos que ejecutan versiones de Apache sin el parche de seguridad.
En esta fecha, los investigadores de seguridad de Alibaba encuentran evidencia de que Log4Shell se encontraba
#retrocomputingmx #Log4Shell #vulnerability

Retro Computing MX

@retrocompmx.bsky.social

1 year ago

El 9 de diciembre de 2021, se anuncia la vulnerabilidad de seguridad log4j, conocida como Log4Shell, es una vulnerabilidad crítica detectada en la biblioteca de registro de Apache Log4j, detectada por primera vez en noviembre 24.

#retrocomputingmx #Log4Shell #vulnerability

ascherbaum.bsky.social

@ascherbaum.bsky.social

1 year ago

Today, 3 years ago, the (in)famous #Log4Shell vulnerability was made public.

This was an arbitrary code execution in the popular #Java logging framework #Log4j, the issue was there since 2013.

Hope you all updated your billions of devices running Java out there already!

Praveen Kottarathil

@praveenkp.bsky.social

1 year ago

Next Monday, 24-Nov-24 is the third anniversary of the infamous #log4shell vulnerability disclosure. Remember the scramble to identify what in your estate has the dependency & are exploitable? How did your discovery & governance game improved since then?

Christian Grobmeier

@grobmeier.de

1 year ago

JJUGナイトセミナー「Log4j特集」11/20(水) 開催 11月のナイトセミナーは「Log4j特集」としてお送りいたします。 3年前に話題となった「Log4shell」。その舞台裏についてのセッションとなります。ぜひご参加ください。 ご注意 場所がいつもの日本マイクロソフト （品川）ではなく、ウルシステムズになります。 英語によるセッションです。通訳などはございません。 お申し込みは下記Doorkeeperページよりお願いします。…

Excited and honored to speak at the #Japan #Java User Group this November! I’ll dive into the story behind #Log4j and #Log4shell, explore the impacts on the open-source ecosystem, and discuss lessons learned since. Looking forward! #OpenSource #JUG

Markus Eisele

@myfear.com

1 year ago

Log4Shell: The vulnerability that shook the world of software development | Red Hat Developer Log4Shell exposed a massive security gap in widely used open-source software. Learn how a multidimensional analysis approach can help you prevent the next big vulnerability in your stack.

Log4Shell still sends shivers down my spine! 😱
Revisit the infamous vulnerability & learn about software supply chain security, and the power of open source. #Log4Shell #security

YourAnonRiots 🐈️🏴🇵🇸🇲🇲🦋

@youranonriots.bsky.social

2 years ago

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network FritzFrog Malware Returns with Log4Shell Twist, Targeting Your Internal Systems Patch now & avoid becoming the next victim

🚨 #FritzFrog botnet returns, using #Log4Shell, memory-resident payloads, and PwnKit to exploit unpatched INTERNAL systems. Employing new tactics to stay hidden and evade detection.
thehackernews.com/2024/02/frit...
#hacking #cybersecurity #technews

Apache Log4j (Logging Services)

@handle.invalid

2 years ago

We were invited to a podcast with some PMC members to talk about #log4j (but also #log4shell). It was awesome. We talked a lot about the future and even Apache Flume. It will appear on the ASF podcast channel; You'll find a link here once it is published.
#opensource #log4j #java