
"Log4Shell, a critical zero-day flaw in a widely used Java library, appeared in December 2021, and was immediately and widely exploited. Nearly one million attack attempts were launched in the first 72 hours of the vulnerability's disclosure. It was described at the time by Check Point Security as 'clearly one of the most serious vulnerabilities on the internet in recent years, and the potential for damage is incalculable'."
"'The Log4j vulnerability doesn't even crack the top few anymore. Sonatype Security Research examined some of the most frequently downloaded avoidable vulnerabilities - collectively they have been downloaded more than 2.94 billion times this year or since their patches were released (whichever is more recent),' said the firm. 'Every one of those downloads represents unnecessary risk: teams pulling vulnerable versions when fixed ones already exist, and have for years.'"
Data show that over the last year, 14% of Log4j downloads in the UK were of vulnerable versions, and the global figure was about 13%, despite safe versions being available. Around 95% of the vulnerable open-source components downloaded already had fixed versions. In 2025, nearly 300 million Log4j downloads occurred, of which 40 million were vulnerable. Log4Shell, a critical zero-day in a widely used Java library, appeared in December 2021 and was immediately exploited, prompting nearly one million attack attempts in 72 hours. The incident drove software supply chain scrutiny and regulatory measures such as US Executive Order 14028, NIS2, and the Cyber Resilience Act. Frequently downloaded avoidable vulnerabilities have been pulled billions of times, creating unnecessary risk.
Read at IT Pro