Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Cloudflare reported that a second bug in the widely used Log4j logging utility is actively being exploited by threat actors, potentially enabling denial-of-service attacks. It advised users to quickly update to Log4j version 2.16.0, which addresses the vulnerability. However, security firm, Praetorian, indicated a separate security weakness in Log4j that could allow data exfiltration. APT groups from China, Iran, North Korea and Turkey, are reportedly exploiting the vulnerabilities in as many systems as possible for follow-on attacks.