Think #Log4Shell was a one-off bug? Think again.. What really caused it? How close was #Log4j to dying — multiple times? And what’s next for one of #Java’s oldest libraries? Christian Grobmeier’s new piece will surprise you.

Dive in: https://javapro.io/2025/06/10/the-long-history-of-log4j/

#JVM #Java @theasf

Hörenswerter Podcast "Wild Wild Web - Geschichten aus dem Internet" mit der Episode "Das wichtigste Hobby der Welt" über Open Source-Maintainer u. a. mit @foosel und der #Log4Shell Story

https://www.ardaudiothek.de/episode/urn:ard:episode:b15e62d1e3e6823a/

#Log4j begann als EU-Forschungsprojekt in den 90ern. Heute ist es eins der meistgenutzten #Java-Logging-Frameworks & überlebte #Log4Shell.
Wie ging das?

Christian Grobmeier Die Geschichte eines Projekts zwischen #OpenSource, Sicherheit & Verantwortung: https://javapro.io/de/die-lange-geschichte-von-log4j/

“It won't happen to me.” That's what #Tesla, #Atlassian & #Fortnite thought. Jonathan Vila walks you through the top hidden flaws still lurking in production code & how to shut the doors before it's too late.

Get smart: https://javapro.io/2025/04/29/top-security-flaws-injections/

Together with our Staff Software Engineer, Łukasz Rola, we’re launching a brand-new series: Java Crack of the Week!

https://youtube.com/watch?v=JhH9N6pWPKk

In the first episode, Łukasz dives deep into one of the most critical Java vulnerabilities ever discovered: Log4Shell (CVE-2021-44228).

This series is part of our celebration of Java’s 30th anniversary - make sure to subscribe to our YouTube channel for weekly episodes!

A single misstep in your infrastructure code can open the door to attacks. At #JCON2025, Jonathan Vila reveals the most common IaC security mistakes — and how to avoid them. Join his session!

Want to prep early? Check his #JAVAPRO article: https://javapro.io/2025/04/29/top-security-flaws-injections/

A single SQL line. One careless deserialization. That's all it takes to bring your app down. @vilojona shows how even top teams get it wrong and how you can get it right. Ready to patch your blind spots?

Start here: https://javapro.io/2025/04/29/top-security-flaws-injections/

Think your code is safe? So did #Tesla. @vilojona uncovers the top attacks hiding in your code right now - and how a single mistake can cost you everything.
Can you spot the flaw before hackers do?

Find out: https://javapro.io/2025/04/29/top-security-flaws-injections/

New Open-Source Tool Spotlight

Log4Shell still has lingering risks. If you're managing Java apps, check out Log4shell-detector on GitHub. It scans for vulnerable Log4j usage with minimal setup. Regular audits help keep your environment secure. #cybersecurity #Log4Shell

Project link on #GitHub https://github.com/Neo23x0/log4shell-detector

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots – Source: www.securityweek.com https://ciso2ciso.com/dhs-disbands-cyber-safety-review-board-ending-one-of-cisas-few-bright-spots-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #IncidentResponse #securityweekcom #securityweek #SaltTyphoon #Government #log4shell #Microsoft #Lapsus #CISA #CSRB #DHS

DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots https://www.securityweek.com/dhs-disbands-cyber-safety-review-board-ending-one-of-cisas-few-bright-spots/ #IncidentResponse #SaltTyphoon #Government #Log4Shell #Microsoft #Lapsus$ #CISA #CSRB #DHS

DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots https://www.securityweek.com/dhs-disbands-cyber-safety-review-board-ending-one-of-cisas-few-bright-spots/ #IncidentResponse #SaltTyphoon #Government #Log4Shell #Microsoft #Lapsus$ #CISA #CSRB #DHS

El 9 de diciembre de 2021, se anuncia la vulnerabilidad de seguridad log4j, conocida como Log4Shell, es una vulnerabilidad crítica detectada en la biblioteca de registro de Apache Log4j, detectada por primera vez en noviembre 24.
Esta, otorga a los hackers acceso y control total de los dispositivos que ejecutan versiones de Apache sin el parche de seguridad.

Today, 3 years ago, the (in)famous #Log4Shell vulnerability was made public.

This was an arbitrary code execution in the popular #Java logging framework #Log4j, the issue was there since 2013. This vulnerability received a CVSS severity rating of 10, the highest possible.

Hope you all updated your billions of devices running Java out there already!

Excited and honored to speak at the #Japan #Java User Group this November! I’ll dive into the story behind #Log4j and #Log4shell, explore the impacts on the open-source ecosystem, and discuss lessons learned since. Looking forward! #OpenSource #JUG
https://www.java-users.jp/post/night202411/

Log4Shell still sends shivers down my spine!

This #RedHat article revisits the infamous vulnerability and reminds us about software supply chain security, vulnerability management, and the power of open source collaboration. #Log4Shell #cybersecurity #redhat

https://developers.redhat.com/articles/2024/10/23/log4shell-vulnerability-shook-world-software-development

3 years after #Log4shell, Bloomberg wrote "Hackers are still targeting #Log4j". The article is not mindblowing, but it reminds us to update! https://www.bloomberg.com/news/newsletters/2024-10-09/hackers-still-target-outdated-software-flaw-despite-available-fixes?srnd=undefined

Three years after #Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems, join @brianverm, Jonathan Vila, Erik Costlow, and @frankdelporte for a lively #Java #OpenJDK and beyond discussion on Foojay !

https://foojay.io/today/foojay-podcast-58-how-java-developers-can-secure-their-code/

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware https://www.securityweek.com/two-years-on-log4shell-vulnerability-still-being-exploited-to-deploy-malware/ #Malware&Threats #Vulnerabilities #CVE202144228 #Log4Shell #Datadog #Log4j