Analysis of breaking security news with a focus on what it means for defenders and attackers — not just the headline.
Log4Shell Three Years Later: What Actually Changed?
CVSS 10.0 · CRITICAL In December 2021, the open-source log4j2 library’s ${jndi:...} lookup feature was disclosed as a remote code execution vulnerability — the now-famous Log4Shell, CVE-2021-44228. Three years on, the bug is fixed, but the lessons keep landing. ...