JNDI

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.

December 14, 2021 19:39 GMT

Apache Log4j Zero-Day Exposes Java Applications to RCE

A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.

December 10, 2021 18:45 GMT

Hand-Picked Top-Read Stories

Weekly Top 10: 01.20.2025: fasthttp Used in New Bruteforce Campaign; Millions of Accounts Vulnerable Due to Google’s OAuth Flaw; The Great Google Ads Heist, and More.

RAT Roundup: How This Year’s More Interesting Trojans Could Affect You

Weekly Top 10: 01.06.2025: Brain Cipher Ransomware Gang Leaked Data from Rhode Island’s RIBrides Platform; Salt Typhoon Targets U.S. Treasury Department OFAC; Microsoft Issues Warning to .NET Developers, and More.

Trending Tags

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Apache Log4j Zero-Day Exposes Java Applications to RCE

Threat Advisories

Weekly Top 10: 01.20.2025: fasthttp Used in New Bruteforce Campaign; Millions of Accounts Vulnerable Due to Google’s OAuth Flaw; The Great Google Ads Heist, and More.

Weekly Top 10: 01.06.2025: Brain Cipher Ransomware Gang Leaked Data from Rhode Island’s RIBrides Platform; Salt Typhoon Targets U.S. Treasury Department OFAC; Microsoft Issues Warning to .NET Developers, and More.

Weekly Top 10: 12.30.2024: Cybersecurity Firm’s Chrome Extension Hijacked to Steal Users’ Data; New ‘Ottercookie’ Malware Used to Backdoor Devs in Fake Job Offers; White House Links Ninth Telecom Breach to Chinese Hackers, and More.

Weekly Top 10: 12.23.2024: Android Malware Delivered via the Amazon Appstore; TP-Link Network Devices Under Investigation by the US DoJ; Play Ransomware Group Takes Credit for Attack on Krispy Kreme, and More.

Weekly Top 10: 12.16.2024: OpenWrt Flaw Allows Distribution of Malicious Firmware; Vulnerability in WPForms Allows for Arbitrary Stripe Refunds; AuthQuake Attack Allows MFA Bypass for Microsoft Accounts, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware