Please turn on your JavaScript for this page to function normally.

Apache Software Foundation

iPaaS: The latest enterprise cybersecurity risk?

iPaaS apps are vulnerable because they transport highly sensitive data from core systems, include many different third-party apps in the process, and often lack security tools …

The Log4j JNDI attack and how to prevent it

The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the …

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

Patched Apache flaw is a serious threat for web hosting providers

Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via …

Apache Struts
PoC exploit for critical Apache Struts flaw found online

The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …

Apache Struts
Easily exploitable Apache Struts vulnerability opens businesses to attack

A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …

Apache Milagro
Milagro: A distributed cryptosystem for the cloud

A new open source project within the Apache Incubator aims to create an alternative to outdated and problematic monolithic trust hierarchies such as commercial certificate …

Don't miss

Cybersecurity news