Connect with us

News

Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.

Published

4 years ago

on

log4j vulnerability to wreak havoc on the internet for years to come

As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.

The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.

Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.

“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.

In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.

That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.

Also Read: How To Enable WhatsApp Disappearing Messages For All Chats

Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.

Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.

Related Topics:
Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 23K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

Instagram Now Lets You Tune Its Algorithm, But There’s One Big Catch

The new controls promise users “agency” over their feed, but asking to see more from accounts you actually follow returns an error.

Published

3 days ago

on

June 11, 2026

By

instagram now lets you tune its algorithm but there's one big catch
Instagram

Instagram has expanded its algorithm personalization feature to the main feed, letting users specify which topics they want surfaced more or less often in recommendations.

Instagram chief Adam Mosseri framed the change as a matter of user control. “I believe it’s in our best interest as a business to empower people to shape Instagram into something that works for them, and that people should be able to have a meaningful amount of agency over the products they spend so much time in,” he wrote on Threads.

Though it turns out that agency has limits. The controls only accept interest-based topics, such as “rescue dogs” or “parenting humor”. Requesting “posts from people I follow” returns no results, which is obviously a sore point for creators whose posts rarely reach their own audiences. Mosseri conceded the tension: “Who you follow used to be a meaningful tool people had for shaping their own experience, and as recommendations took over the main feed that tool quietly stopped working”.

Also Read: How To Find & Cancel Pending Instagram Requests

Instagram credits large language models for making its algorithms legible enough to personalize, and says it is “actively working on supporting requests for people, different moods or vibes, content types, and more” – potentially leading to a fully “bespoke” version of the app.

Continue Reading

#Trending