There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

Log4j zero-day flaw: What you need to know and how to protect yourself Security warning: New zero-day in the Log4j Java library is already being exploited ...

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.

A critical flaw in a popularly used Java library is being exploited by malicious actors to deliver malware, while security researchers are scanning for vulnerable servers.