The Budworm espionage group leveraged the Log4j flaw to target a number of high-value organizations worldwide, including an unnamed U.S.-based state legislature.
The NSA, FBI and CISA revealed the top CVEs exploited since 2020 by Chinese threat actors to gain initial access to sensitive networks.
At Black Hat USA this week, Cyber Safety Review Board members tasked with looking at key lessons learned from Log4j talked about continued security issues facing the open source community.
The Cyber Safety Review Board’s report on the Log4j flaw pointed to an open-source software ecosystem riddled with security challenges.
APT teams are still exploiting the Log4Shell flaw in VMware Horizon and Unified Access Gateway, six months after the initial disclosure.