Infosecurity Magazine

Log4Shell Downloaded 40 Million Times in 2025

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug ...
Techzine Europe

Is React2Shell the new Log4Shell?

React Server Components contains a vulnerability that can be exploited on a large scale. To what extent is it similar to the ...
The Hacker News

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to ...
Bleeping Computer

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now "massively exploited in the wild." The flaw was silently ...
InfoWorld

Oracle Java Management Service adds application analyzer

New Analyze Applications feature analyzes JAR or WAR files for migrations and JFR recordings for performance optimization. Update also brings task scheduling and Kubernetes support. Oracle Java ...
Business Wire

Omnissa Unveils Workspace ONE Vulnerability Defense to Transform Security Management Across All Endpoints and Applications

LAS VEGAS--(BUSINESS WIRE)--Omnissa ONE 2025 - Omnissa, a leading digital work platform company, announces Workspace ONE® Vulnerability Defense, a new AI-driven security offering that transforms how ...
Morningstar

Omnissa Unveils Workspace ONE Vulnerability Defense to Transform Security Management Across All Endpoints and Applications

Omnissa ONE 2025 - Omnissa, a leading digital work platform company, announces Workspace ONE® Vulnerability Defense, a new AI-driven security offering that transforms how organizations manage ...
The Hacker News

Everything to Know about Runtime Reachability

Reachability has quickly become one of the latest buzzwords in cybersecurity, but every vendor means something slightly different by the term. In part one of this series, I argued that reachability is ...
GitHub

Using log4j-to-slf4j in a web application incorrectly sets a value in a ThreadLocal in org.apache.logging.slf4j.SLF4JLogger

We have a web application packaged as a .war file deployed in Tomcat 11. The web application uses logback as the main logger and slf4j as a facade. Then we use log4j-to-slf4j as a bridge to redirect ...
Business Wire

Azul Introduces 100 – 1000x More Accurate In-Production Java Vulnerability Detection

SUNNYVALE, Calif.--(BUSINESS WIRE)--Azul, the only company 100% focused on Java, today announced an enhancement to Azul Intelligence Cloud, a breakthrough capability in Azul Vulnerability Detection ...
SD Times

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
SiliconANGLE

Application security startup Minimus debuts with $51M to reduce cloud software vulnerabilities

Application security startup Minimus Inc. today launched at the RSAC 2025 Conference 2025 with an announcement that it has raised $51 million in an exceptionally large seed round to support the ...