Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...

Hackers could take control of millions of servers, shutting them down or forcing them to spew malware due to widely-used faulty code. Here's how it happened, and what can you do to protect yourself.

Using the Log4j exploit, the malware infects new hosts and uses DNS tunneling to receive instructions and exfiltrate data to and from the botnet's command and control servers.

The exploit allowed cyber threat actors to mount remote code execution (RCE) attacks on the widely used Apache Log4j Java logging library. An RCE exploit allows an attacker to run whatever code ...

State-backed hacking groups are some of the most advanced cyberattack operations in the world - but criminals don't need to rely on them if they can exploit unpatched cybersecurity flaws.

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.

“The firewall detected Log4j exploit attempts hitting CCTV cameras that were exposed,” he says. Thankfully, it was a security company scanning for vulnerabilities, and not a malicious attack.

The vulnerability is found in log4j, an open-source logging library used by apps and services across the internet.

Two MSPs who were not impacted still took the vulnerability as serious as possible, saying you must stay ready and assume the vulnerability is there.