If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Federal officials have warned that the widespread Log4j vulnerability could still be exploited by cybercriminals despite no major known intrusions in the U.S. yet. Log4j’s presence has been catalogued in over 2,800 commercial products. Exploiting the ‘Log4Shell’ vulnerability is trivial, and could be used by a threat actor to compromise a target system by typing a 12-character string, warns CISA Director Jen Easterly.