{"id":44581,"date":"2021-12-20T22:53:50","date_gmt":"2021-12-20T22:53:50","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/researchers-uncover-new-attack-vector-for-log4j-flaw"},"modified":"2021-12-20T22:53:50","modified_gmt":"2021-12-20T22:53:50","slug":"new-log4j-attack-vector-discovered","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/","title":{"rendered":"New Log4j Attack Vector Discovered"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. <\/p>\n<p>Security researchers at Blumira have discovered that threat actors can potentially trigger the RCE flaw on internal and locally exposed Log4j applications via a JavaScript WebSocket connection \u2014 suggesting the attack surface may be much larger than first thought. Meanwhile, the Apache Foundation over the weekend released yet another update to fix a third vulnerability in the logging framework in recent days, meaning that organizations will once again need to patch their software to remain fully protected against the threat.<\/p>\n<p><a href=\"https:\/\/www.blumira.com\/analysis-log4shell-local-trigger\/\" target=\"_blank\" rel=\"noopener\">According<\/a>&nbsp;to Blumira, attackers can exploit the Log4j RCE flaw by luring users to any server that runs JavaScript to initiate a WebSocket connection. <a href=\"https:\/\/medium.com\/@td0m\/what-are-web-sockets-what-about-rest-apis-b9c15fd72aac\" target=\"_blank\" rel=\"noopener\">WebSocket<\/a> is a communication protocol that many modern browsers use for bidirectional communication between the server and client. The site would make calls to the user&#8217;s system or local network using WebSocket. If the victim&#8217;s host is vulnerable, it is then forced to call out to another attacker-controlled website over LDAP, RMI, DNS, HTTP or other protocol and download malicious JavaScript for exploiting the Log4j RCE, says Matthew Warner, CTO and co-founder of Blumira. <\/p>\n<p>&#8220;If the victim had a vulnerable version of Log4j and it was logging out requests to paths being requested and\/or the origin of those requests, it would trigger the Log4j JNDI lookup to the malicious host,&#8221; Warner says. &#8220;No additional effort would be required.&#8221;<\/p>\n<p>Warner says Blumira&#8217;s research shows the impact of Log4j isn&#8217;t limited to vulnerable servers.<\/p>\n<p> &#8220;Anyone with a service that utilizes a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,&#8221; Warner says. It significantly expands the attack surface and is another weapon that operators of phishing and malicious advertising scams are likely to exploit, he says.&nbsp;<\/p>\n<p>The new attack vector should not complicate matters for organizations that already are following the recommended remediation steps for Log4j.&nbsp;&#8220;However, it does highlight the importance of patching all local development and internal servers,&#8221; Warner says. <\/p>\n<p><strong>Three Vulnerabilities \u2014 So Far<br \/><\/strong>Log4j is a near-ubiquitous logging tool in Java environments. Since Dec. 9, three unique vulnerabilities have been disclosed in the logging framework, each of varying severity. The most serious one is the <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/security-experts-sound-alarm-on-zero-day-in-widely-used-log4j-tool\" target=\"_blank\" rel=\"noopener\">critical RCE<\/a>&nbsp;vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a>) that the Apache Foundation disclosed Dec. 9.<sup>. <\/sup>The flaw exists in a Java Naming and Directory Interface (JNDI) lookups feature that is enabled by default in versions Log4j 2.0-beta9 to Log4j 2.14.1.&nbsp;<\/p>\n<p>Attackers can exploit the feature to take complete remote control of vulnerable systems, which can include Internet-facing systems, internal systems, network components, virtual machines, industrial control and SCADA systems, and cloud-hosted assets. <\/p>\n<p>The Apache Foundation released an updated version of the logging framework (Log4j 2.15.0) for Java 8 users on Dec. 10&nbsp;to address the vulnerability amid reports of attackers actively seeking to exploit the flaw.<\/p>\n<p>It then followed up with a <a href=\"https:\/\/www.darkreading.com\/application-security\/original-fix-for-log4j-flaw-fails-to-fully-protect-against-dos-attacks-data-theft\" target=\"_blank\" rel=\"noopener\">second update<\/a> on Dec. 13&nbsp;(Log4j 2.16.0 for Java 8 and Log4j 2.12.2 for Java 7) because the original fix basically ended up opening systems to denial-of-service (DoS) attacks (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-45046\" target=\"_blank\" rel=\"noopener\">CVE 2021-45046<\/a>) under certain conditions. <\/p>\n<p>On Dec. 18,&nbsp;the Apache Foundation issued another update (Log4j 2.17.0 for Java 8) to address a third, infinite recursive vulnerability in Log4j (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-45105\" target=\"_blank\" rel=\"noopener\">CVE-2021-45105<\/a>) that it described as allowing for DoS attacks.&nbsp;<\/p>\n<p>&#8220;Infinite recursion is code calling itself again and again and again,&#8221; says Saryu Nayyar, CEO of Gurucul. &#8220;Eventually, it will overflow the memory allocated to it, and provide the ability to inject malicious code outside of the defined memory space.&#8221;<\/p>\n<p>Both CVE 2021-45046 and CVE-2021-45105 can only be exploited under <a href=\"https:\/\/www.tenable.com\/blog\/cve-2021-44228-cve-2021-45046-cve-2021-4104-frequently-asked-questions-about-log4shell\" target=\"_blank\" rel=\"noopener\">specific nondefault conditions<\/a> and are therefore considered less severe than <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a>, the flaw that was disclosed on Dec. 9, which affects a very wide swath of organizations. <\/p>\n<p>According to security researchers at <a href=\"https:\/\/security.googleblog.com\/2021\/12\/understanding-impact-of-apache-log4j.html\" target=\"_blank\" rel=\"noopener\">Google<\/a>, the bug affects more than 35,000 Java packages \u2014 or more than 8% \u2014 of all packages on <a href=\"https:\/\/search.maven.org\/\" target=\"_blank\" rel=\"noopener\">Maven Central<\/a>, one of the largest repositories of Java packages. The pervasiveness of the flaw and the relative ease with which it can be exploited has attracted widespread attention within the threat actor community.<\/p>\n<p> Security vendors have reported seeing numerous financially motivated attackers as well as state-backed threat groups from countries such as Iran, China, and Turkey actively trying to exploit the flaw. <\/p>\n<p>The activity prompted the US Cybersecurity &amp; Infrastructure Security Agency (CISA) to issue <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cisa-issues-emergency-directive-on-log4j\" target=\"_blank\" rel=\"noopener\">an emergency directive Friday<\/a> ordering all civilian federal agencies to take a series of measures to identify, patch, or mitigate vulnerable systems. Agencies have until Dec. 23 to comply with the requirements of the directive.<\/p>\n<p>The latest developments come amid signs that organizations are making at least some progress in addressing the threat. An analysis that cloud security vendor Wiz conducted shows that 10 days after the flaw was disclosed, organizations on average have patched some 45% of their vulnerable cloud resources. However, the vendor found that 45% of vulnerable machines remain unprotected against the threat. Of these systems, 25% had administrative privileges and 7% were exposed to the Internet.<\/p>\n<p>Meanwhile, a <a href=\"https:\/\/www.sonatype.com\/resources\/log4j-vulnerability-resource-center\" target=\"_blank\" rel=\"noopener\">dashboard<\/a><br \/>\nthat Sonatype launched this week to track Log4j downloads showed that there were more than 4.6 million downloads of the logging tool since Dec. 10. Forty percent of what the company described as the &#8220;most recent downloads&#8221; were of vulnerable versions of Log4j.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/researchers-uncover-new-attack-vector-for-log4j-flaw\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/researchers-uncover-new-attack-vector-for-log4j-flaw\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-44581","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-20T22:53:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Log4j Attack Vector Discovered\",\"datePublished\":\"2021-12-20T22:53:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/\"},\"wordCount\":912,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt2f6258d8e8d5b4cd\\\/61c106262bcbbe367315eb53\\\/day_10_infographic.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/\",\"name\":\"New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt2f6258d8e8d5b4cd\\\/61c106262bcbbe367315eb53\\\/day_10_infographic.png\",\"datePublished\":\"2021-12-20T22:53:50+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt2f6258d8e8d5b4cd\\\/61c106262bcbbe367315eb53\\\/day_10_infographic.png\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt2f6258d8e8d5b4cd\\\/61c106262bcbbe367315eb53\\\/day_10_infographic.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-log4j-attack-vector-discovered\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Log4j Attack Vector Discovered\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/","og_locale":"en_US","og_type":"article","og_title":"New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-20T22:53:50+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Log4j Attack Vector Discovered","datePublished":"2021-12-20T22:53:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/"},"wordCount":912,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/","url":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/","name":"New Log4j Attack Vector Discovered 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png","datePublished":"2021-12-20T22:53:50+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt2f6258d8e8d5b4cd\/61c106262bcbbe367315eb53\/day_10_infographic.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-log4j-attack-vector-discovered\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"New Log4j Attack Vector Discovered"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44581"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44581\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}