If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain.

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.