Explore tweets tagged as #log4shell
@nav1n0x
N$
1 day
Guys, whoever is using my Log4Shell/Log4J payload from Pastebin, make sure to replace my token ( with your own. I don’t mind though. 😅
8
10
179
@intigriti
Intigriti
2 days
💡 Tip! Injecting Log4Shell payloads is also possible in PDF files! eelyvy has a dedicated GitHub repository showing exactly how to craft your PDF payload file! 😎 🔗
2
97
408
@intigriti
Intigriti
4 days
Easiest way to test for Log4Shell (even in 2025) 🤠 Example 👇
1
20
166
@intigriti
Intigriti
4 days
Latest Bug Bytes is live! 🚀 This month's issue is as usual packed with bug bounty tips:
✅ Exploiting Log4Shell (Log4J) in 2025
✅ An indispensable GitHub recon tool (not the one you have in mind)
✅ Advanced WAF evasion techniques
& much more! 😎
2
9
63
@intigriti
Intigriti
25 days
For some bug bounty hunters, the Log4Shell hunt never truly ended. 😈 While most moved on, some researchers know this vulnerability is still hiding in production systems across the web, even today 👀 We just published a comprehensive guide showing exactly how to uncover
2
26
167
@InfoSecComm
InfoSec Community
4 months
🚨 New Writeup Alert! 🚨 "Exploiting Log4Shell: How Log4J Applications Were Hacked" by MrXcrypt is now live on IW! Check it out here: #vulnerability #log4j #log4shell #cve202144228 #exploitation
0
2
13
@kaspersky
Kaspersky
1 month
🔥 #APTs in 2025 still abuse ProxyShell, Log4Shell, & Fortinet flaws. ⚠️ Patch or become a breach headline. 📖 Full Q1 2025 findings: #ThreatIntel #CyberAttack #StaySecure #APTs #CyberDefense #ZeroTrust #Cybersecurity #Kaspersky #Securelist #Linux
1
3
9
@adhirajhangal
Adhiraj Hangal
2 months
🧵 How Open Source Communities Handle Security Crises - and what founders & solo builders can learn. Two of the biggest software vulnerabilities in history:
- Heartbleed (2014)
- Log4Shell (2021)
Let’s dive in👇
1
0
2
@Crowd_Security
CrowdSec
2 months
(🧵Thread) CVE-2021-44228 (Log4j Scanning Campaign) Is Back and Stronger than Ever. 4 Years after the exploit was first published, the CrowdSec Network still detects active campaigns targeting the Log4Shell class of exploits. (🧵1/6)
1
1
4
@mubix
Rob Fuller
24 days
I use Log4shell canaries in my passwords and I have one per website. It’s been crazy interesting the sites that I have gotten pings for and where the pings are from. I think it’s cool. It would be a fun talk to put together and a good story to tell but not useful….
35
58
829
@intigriti
Intigriti
7 days
Breaking down how the Log4Shell attack works 👇
1
3
6
@impratikdabhi
Pratik Dabhi
26 days
🌐 Server-Side Bugs That Pay Big.
• SSRF (internal request abuse)
• SSTI (template injection)
• XXE (XML Entity Injection)
• Log4Shell-style payloads
• Blind bugs with Burp Collaborator
💣 Quiet bugs, massive impact. #BugBounty #SSRF #EthicalHacking #bugbountytip
1
11
96
@_Nidouille_
𝓝𝓲𝓭𝓸𝓾𝓲𝓵𝓵𝓮 🐙🐙
27 days
Damn, 8 security flaws with some nice repercussions. IT is a house of cards that we rediscover with every major security flaw, hello OpenSSL, Log4Shell, etc.
1
16
21
@DebugPrivilege
DebugPrivilege
1 year
When you see java.exe spawning weird child processes, it’s time to investigate. I will be doing a write-up of analyzing a Log4Shell payload via a memory dump!
@0xdf_
0xdf
1 year
Crafty from @hackthebox_eu is about exploiting a Minecraft server. I'll use an open source client to send a Log4Shell payload, and get a shell. Then I'll find admin creds in a custom plugin. In Beyond Root, I'll explore the web.config file.
0
14
96
@1336_0ff_by_0ne
1336_0ff_by_0ne
7 months
I'm trying something different. 3 inch Velcro patches for Crowdstruck, Solorigate, MOVEit Transfer and Log4shell. In recognition of analysts and responders who handled these major incidents, working nights, weekends and holidays. I think of them as merit badges.
3
7
56
@jfrog
JFrog
7 months
Our JFrog Senior Solution Engineers break down how to protect your applications this December and beyond. Learn key steps to safeguard your code and keep the on-call pager silent: #Log4J #CyberSecurity #Log4Shell #DevSecOps
0
0
0
@lcamtuf
lcamtuf
8 months
Vuln names: this is log4shell. We named it this way because it's in log4j and gives you shell. Threat actor names: this is HAIRY EEL, aka VIOLIN HIPPO, no relation to VEXING MACKEREL. Also known as APT-74, formerly APT-C-92. We named it this way because he's a guy in Bulgaria.
5
80
421
@yeswehack
YesWeHack ⠵
9 months
📝 #OpenSource #BugBounty Spotlight: @ApacheLog4j – A Java-based logging utility, this @TheASF project monitors runtime behaviours and flags errors. Also the location of Log4Shell, possibly the worst-ever vulnerability. Five scopes and €10k max rewards via @sovtechfund 🚀 1/4
1
3
8
@jfrog
JFrog
7 months
Three years later, #Log4Shell is still a wake-up call. Thankfully JFrog experts, Richard Clark and Gabe Martino, demonstrate how you can create a Curation policy by leveraging the JFrog integration with @github's CoPilot. Get a refresher on the risks and actions you can take
0
0
1