LunaSec – WindowsTechs.com

Spring4Shell: No need to panic, but mitigations are advised

Posted on March 31, 2022 by Zeljka Zorz

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began… Continue reading Spring4Shell: No need to panic, but mitigations are advised→

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

Posted on December 10, 2021 by Zeljka Zorz

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati… Continue reading Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)→