Log4j stories

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

SonicWall says small firms are being hit hardest by basic security lapses as ransomware, bot traffic and identity theft keep climbing.

Cobalt weaves AI into its pentesting platform, automating recon and triage while keeping human experts on complex attack paths.

GitHub joins tech giants in a USD $12.5 million Alpha-Omega push, boosting AI-powered defences for critical open source software.

Secure.com warns most apps hide critical flaws in open source components, as unpatched dependencies and licence risks leave firms exposed.

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

Azul and Chainguard have teamed up to offer zero-CVE Java containers, enhancing security and support for enterprise Java workloads with Hardened, source-built images.

Azul's Intelligence Cloud now cuts Java security false positives by up to 99%, using runtime data to boost vulnerability detection accuracy for DevOps teams.

Azul has launched a Java vulnerability tool that cuts false positives by up to 99%, improving threat detection accuracy for production environments.

Qualys has launched a no-cost Tech Debt Report to help organisations identify and mitigate cyber risks from outdated technology.

Sonatype releases its SBOM Manager, a crucial tool to help organisations track and manage software components.

Check Point fortifies its CloudGuard WAF with a new API Discovery feature, aiming to enhance cloud security by identifying and mitigating API vulnerabilities.

Cato Networks exposes systemic cybersecurity gaps in inaugural threat report, revealing insecure protocols employed across WAN by all examined organisations.

New Relic's fourth annual State of the Java Ecosystem report reveals latest trends in Java development and adoption, highlighting significant growth in Java 21's uptake and shifts in preferred Java Developer Kits.

Cloudflare reveals a 25% surge in global internet traffic and heightened cybersecurity threats in its 2023 report.

Efforts to mitigate the Log4j vulnerability involve updating to patched versions of Log4j, but the process continues to be complex.

SBOMs will be key to dealing with the next big vulnerability and incredibly useful in the fight to minimise the effects of smaller weaknesses.

Arctic Wolf, a global specialist in security operations, has published its annual Arctic Wolf Labs Threat Report, revealing a year of turbulence.

Ransomware threats remain at peak levels with no evidence of slowing down globally with new variants enabled by Ransomware-as-a-Service (RaaS).

The Secureworks Counter Threat Unit (CTU) has uncovered a subgroup of Iranian Cobalt Mirage using GitHub to store and deploy malware.