'Spring4Shell' bug in framework for Java programming draws widespread warnings
Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.
In studying tech supply chain, feds cite open source products, device firmware
The White House ordered Commerce and Homeland Security to examine weak spots in how the IT and communications industries produce hardware and software.
Google Cloud offers good news and bad news on Log4Shell, other issues
Potential intruders are still scanning for the bug every day, but the company says many vendors have been on top of fixing vulnerable instances of Log4j software.
CISA's new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug
Private-sector experts say that public-private threat sharing is key.
Chinese hackers use Log4j exploit to go after academic institution
The attack is the latest strike by Chinese hackers using Log4j.
CISA, Five Eyes issue guidance meant to slow Log4Shell attacks
The joint agencies "assess that exploitation of these vulnerabilities, especially Log4Shell, is likely to increase and continue over an extended period."