A panel of U.S. government officials and private-sector experts tasked with investigating the nation's major cybersecurity failures has concluded that the notorious Log4j internet bug did not prompt ...

Like meteorologists after category 5 hurricanes, cybersecurity experts often seem foolish for overestimating the potential damage from the latest security bug. Unfortunately, that’s probably not going ...

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity ...

It feels like the world has a lot of Pandora's boxes open at once right now. Last week another crisis came into view with disclosure of a vulnerability in the widely used open source Apache logging ...

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...

A major cybersecurity vulnerability is impacting nearly all of the internet, sending everything from financial institutions to government entities scrambling to patch their systems, before ...

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...

A month after the disclosure of CVE-2021-44228, aka Log4Shell, a critical vulnerability in the Apache Log4j Java package, up to 40% of new downloads are still at risk of compromise despite the ...

President of Anomali. A leader in intelligence-driven cybersecurity, an ArcSight cofounder and an Ernst & Young Entrepreneur of The Year. If you are like most security leaders, you've encountered ...