Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.

Security pros say it's one of the worst computer vulnerabilities they've ever seen. Firms including Microsoft say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already ...

Microsoft announced it has rolled out new capabilities in its Defender for Containers and Microsoft 365 Defender offerings for identifying and remediating the widespread vulnerabilities in Apache ...

Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code ...

Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic early last month. The Apache Foundation has since fixed the bugs and issued patches. So the onus is now ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Microsoft has become the second security ...

SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Serv-U can be configured to ...

In brief: Microsoft has announced updates for cloud-based versions of its security software to fight the Log4j vulnerability. Log4j has mostly been patched but can still affect some servers that could ...

Are you tired of hearing about Log4shell yet? Well settle in, because a top-3-worst-security-exploit-ever doesn't vanish overnight. Microsoft updated its article about the flaw (which we mentioned on ...

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...