Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...
Dark Reading

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...
Security Boulevard

Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and ...
The New York Times

Your Workout Routine Isn’t Complete Without Strength Training

Aerobic exercise is hugely beneficial for health. But research increasingly shows you also need some resistance training. Here’s how to work it in. By Cindy Kuzma Anh Bui’s main focus as a physical ...
Infosecurity-magazine.com

Impact of Log4Shell Bug Was Overblown, Say Researchers

Security researchers have claimed that a vulnerability described as the biggest and most critical ever discovered was far less dangerous than first believed. Log4Shell was a critical, CVSS 10.0-rated ...
InfoQ

Log4Shell Response Patterns & Learnings from Them

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
SDxCentral

Arctic Wolf: Log4Shell Has a Long Tail

The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on ...
SecurityWeek

One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most ...
SiliconANGLE

Iranian hackers breach Federal Civilian Executive Branch using Log4Shell vulnerability

The U.S. Cybersecurity and Infrastructure Agency today disclosed that an Iranian government-sponsored advanced persistent threat group hacked the Federal Civilian Executive Branch. The breach, which ...
TechCrunch

Iran-backed hackers breached a US federal agency that failed to patch year-old bug

The U.S. government’s cybersecurity agency says hackers backed by the Iranian government compromised a federal agency that failed to patch against Log4Shell, a vulnerability fixed almost a year ago.
Government Technology

CISA ALERT: Iran-Backed Actors Hit Federal Agency in Log4Shell Attack

Iranian government-backed hackers have allegedly compromised an unnamed federal agency for months, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI announced today. The advanced ...