The widespread vulnerability that first appeared in Apache Log4j in 2021 will continue to be exploited, potentially even in worse ways than we've seen to date. The more worrisome aspect of these ...

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how visibility and shift-left security reduce exposure.

Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year ...

JP oversees the Research and Innovation teams that keep Onapsis on the cutting-edge of the business-critical application security market. In 2021, we commenced the year reeling from the aftermath of ...

The Cyber Safety Review Board (CSRB), created in 2021 to review major cyber events, released a report last summer recapping the 2021 discovery of the Log4j vulnerability. Its disclosure triggered a ...

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...

More than a year after the news broke in December 2021, the Log4j vulnerability, or Log4Shell to some, remains one of the most prolific cybersecurity incidents of our time. Still causing chaos for ...

Driven by significant cyber security disclosures affecting supply chain dependencies, such as Log4j and Realtek, threat actors have vastly increased their use of vulnerabilities as a means to work ...

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor ...