Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

Help Net Security

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundation by Chen Zhaojun of Alibaba Cloud Security Team, the bug has now apparently been fixed in Log4j v2.15.0, just as a PoC has popped up on GitHub and there are reports that attackers are already attempting to compromise … More →

The post Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228) appeared first on Help Net Security.