For some bug bounty hunters, the Log4Shell hunt never truly ended. 😈. While most moved on, some researchers know this vulnerability is still hiding in production systems across the web, even today 👀. We just published a comprehensive guide showing exactly how to uncover

🔥 #APTs in 2025 still abuse ProxyShell, Log4Shell, & Fortinet flaws. ⚠️ Patch or become a breach headline. 📖 Full Q1 2025 findings: #ThreatIntel #CyberAttack #StaySecure #APTs #CyberDefense #ZeroTrust #Cybersecurity #Kaspersky #Securelist #Linux

Breaking down how the Log4Shell attack works 👇

I use Log4shell canaries in my passwords and I have one per website. It’s been crazy interesting the sites that I have gotten pings for and where the pings are from. I think it’s cool. It would be a fun talk to put together and a good story to tell but not useful….

🧵 How Open Source Communities Handle Security Crises - and what founders & solo builders can learn. Two of the biggest software vulnerabilities in history:.- Heartbleed (2014).- Log4Shell (2021). Let’s dive in👇

(🧵Thread) CVE-2021-44228 (Log4j Scanning Campaign) Is Back and Stronger than Ever. 4 Years after the exploit was first published, the CrowdSec Network still detects active campaigns targeting the Log4Shell class of exploits. (🧵1/6)

I'm trying something different. 3 inch Velcro patches for Crowdstruck, Solorigate, MOVEit Transfer and Log4shell. In recognition of analysts and responders who handled these major incidents, working nights, weekends and holidays. I think of them as merit badges.

Log4Shell騒動の裏でこんなことが… #jjug

Our JFrog Senior Solution Engineers break down how to protect your applications this December and beyond. Learn key steps to safeguard your code and keep the on-call pager silent: #Log4J #CyberSecurity #Log4Shell #DevSecOps

🌐 Server-Side Bugs That Pay Big. • SSRF (internal request abuse).• SSTI (template injection).• XXE (XML Entity Injection).• Log4Shell-style payloads.• Blind bugs with Burp Collaborator. 💣 Quiet bugs, massive impact. #BugBounty #SSRF #EthicalHacking #bugbountytip.

When you see java.exe spawning weird child processes, it’s time to investigate. I will be doing a write-up of analyzing a Log4Shell payload via a memory dump!

Three years later, #Log4Shell is still a wake-up call. Thankfully JFrog experts, Richard Clark and Gabe Martino, demonstrate how you can create a Curation policy by leveraging the JFrog integration with @github's CoPilot. Get a refresher on the risks and actions you can take

Cyber teams that are winning are practicing with real vulnerabilities BEFORE they become emergencies. Learn how hands-on CVE labs transform how security professionals prepare for threats - from Log4Shell to the latest zero-days. Read the full article:

Del caso 'left-pad' al Log4Shell, queda claro que el funcionamiento de Internet depende de un puñado de 'geeks' trabajando por amor al arte #CiberSeguridad #Internet #web #tecnología #Noticia vía @genbeta

Putain, 8 failles de sécu qui ont de belles répercussions. l'IT est un château de carte que l'on redécouvre a chaque faille de sécu importante, coucou OpenSSL, Log4Shell, etc.

🔥 Trump has just terminated all DHS advisory committee memberships, including the key Cyber Safety Review Board (CSRB). CSRB's past work included:.⤷ Reporting on Log4Shell and LAPSUS$ intrusions.⤷ Investigating Salt Typhoon group. Read →

I worked with a local silkscreen artist to make these patches for Crowdstruck, MOVEit Transfer and Log4shell. In recognition of analysts and responders who handled these major incidents, working nights, weekends and holidays. I think of them as merit badges. Ready to be pinned or

I remember when Log4shell came out I used a canary as my attempted username in a game client and got a callback. Reported, had it patched in <24hrs and even though there was no formal bug bounty program they gave me some swag and a game. Always interesting to see this stuff 👏.

Still gets robbed in Minecraft after getting Log4Shell'd.