HIGH severity: Chinese hackers target legacy Log4j & IIS bugs for global espionage. If you run outdated systems, patch immediately, audit assets, & step up monitoring. https://radar.offseq.com/threat/from-log4j-to-iis-chinas-hackers-turn-legacy-bugs--dd6b8851 #OffSeq #CyberSecurity #PatchNow
November 9, 2025 at 9:02 AM
Euclid 2.13 is released: https://github.com/BlueObelisk/euclid/releases/tag/euclid-2.13
Minor update that is tested with Java 21 and 25, for which it removed the unused ThriftyList class. It also upgraded dependencies to Log4j 2.25.2 and Commons Lang3 3.19
Euclid is a library of numeric […]
Original post on fosstodon.org
fosstodon.org
November 2, 2025 at 4:37 PM
It's not quite the same thing: that XKCD strip is about the small open source projects the whole industry relies on while taking them for granted (curl, log4j...). Things that MS/Google could reproduce if they wanted to. Chromium is a whole machinery...
October 27, 2025 at 7:47 AM
Only a few days ago, I joined Abby and Felix Reda on the GitHub Podcast—to talk about funding in #opensource that we have received from @sovereign.tech
podcasts.apple.com/de/podcast/f...
#java #log4j #log4shell
From Log4Shell to the Sovereign Tech Fund: Lessons in Open Source Sustainability
Podcast episode · The GitHub Podcast · 21.10.2025 · 31 min.
podcasts.apple.com
October 25, 2025 at 5:46 AM
god that cracked log4j logo is genAI as well
October 23, 2025 at 9:11 AM
if the log4j team knew this thing was dangerous already they would, obviously, have already done something about it. the whole point is many things are dangerous in non-obvious ways and there isn't a simple "make the software good" button you can press
October 23, 2025 at 9:09 AM
The internet was on fire. 🔥
One small library affecting billions of systems.
Log4Shell was the biggest security vulnerability of all time.
Now, Log4J maintainer, Christian Grobmeier tells us what it felt like inside the flames 👉 github.blog/open-source/...
October 20, 2025 at 6:37 PM
Remember Log4J?
Every time someone trips over a cord in Virginia and takes down half the internet, I’m reminded how powerful a unionized tech industry could be
October 20, 2025 at 3:33 PM
Yeppppppp
Has xkcd done a thing on dns yet? (They did a log4j one I recall)
October 20, 2025 at 11:58 AM
I'm not in the java ecosystem. Has the {x}4j branding suffered at all? Because whenever I hear, for example neo4j, I immediately think of log4j and log4shell
March 6, 2025 at 8:05 AM
New threat: Lazarus hackers exploit the Log4j vulnerability to distribute RAT malware
https://kripta.biz/posts/DDCABDEE-527C-4BD8-9AC6-5063D81BD44E
February 28, 2025 at 1:24 PM
log4j lab-leak hypothesis content
November 3, 2024 at 5:00 PM
There should be enough log4j memes here to last you through this year. https://log4jmemes.com/
February 12, 2024 at 11:28 AM
And they talk open source libs, CI/CD, log4j,... In short, they're great :)
May 14, 2025 at 7:34 PM
I'd feign shock at Log4j still being exploited in 2025, but honestly it'd probably be more shocking if suddenly we stopped seeing outdated and unpatched systems around the world, and attempts to identify and exploit them. Know bsky doesn't get a ton of engagement, but appreciate the posts here!
March 13, 2025 at 9:47 PM
A small company employee is overwhelmed managing vulnerabilities in Defender. They use Tenable for some scans but lack monitoring. Struggling with both software updates and hard-to-patch issues like Log4j on servers handled by a sysadmin. They seek advice to improve their vuln management plan.
Vulnerability management in Defender - I'm overwhelmed and need some guidance!
So, I work for a small company and we're starting to realize that we don't really have all of our bases covered when it comes to vulnerability management. We use Tenable to scan devices and apps i...
reddit.com
June 19, 2025 at 7:42 AM
Origin
archlinux.org
October 23, 2025 at 7:36 PM
🤣 CVE-2025-47912 🤣
every new language, has the same old bugs.
GoLang: http://[;whoami].example.com
Java/Log4J: ${java:version}
Shellshock ...
Parsing is hard
November 7, 2025 at 2:37 PM
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. en…
#hackernews #news
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government
thehackernews.com
November 8, 2025 at 9:31 PM
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools reconbee.com/log4j-to-iis...
#Log4j #IIS #chinahackers #chinesehackers #legacybugs #globalespionagetools #cyberattack
Log4j to IIS China's Hackers Turn Legacy Bugs into Global Espionage Tools
exploitation were successful read more about From Log4j to IIS China's Hackers Turn Legacy Bugs into Global Espionage Tools
reconbee.com
November 10, 2025 at 7:30 AM
'Instead of fixing specific problems, the CSRB reports are about promoting broad policy level initiatives. For example, their report on the Log4j vulnerabilities contains no help for how organizations can find vulnerable systems.
January 23, 2025 at 12:13 AM
State of Java in S E Asia Azul 2025 State of Java Survey & Report: Survey of over 2,000 Java ...
https://digiconasia.net/infographic/state-of-java-in-s-e-asia
#DevOps #and #AppDev #Infographics #AI #development #Azul #Log4j #vulnerabilities #State #of
Event Attributes
February 15, 2025 at 8:42 AM
NFT's are a worse cancer than unpatched log4j instances. There, I said it.
https://medium.com/quine/the-1st-commit-of-git-git-no-longer-belongs-to-linus-torvalds-ea1df6f8f025
The 1st commit of git/git no longer belongs to Linus Torvalds
or how the GitNFT community found an exploit in GitHub ✨
medium.com
November 22, 2024 at 10:09 PM
Log4j: The Worst Vulnerability In Nearly A Decade? By @billatnapier
https://medium.com/asecuritysite-when-bob-met-alice/log4j-the-worst-vulnerability-in-nearly-a-decade-e0cc80cbb49a
Log4j: The Worst Vulnerability In Nearly A Decade?
A Last Legacy of Problems?
medium.com
November 14, 2024 at 10:57 AM
Over 30% of Log4J apps use a vulnerable version of the library
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
www.bleepingcomputer.com
December 10, 2023 at 3:38 PM