New zero-day exploit for Log4j Java library is an enterprise nightmare

A zero-day vulnerability in the Apache Log4j Java-based logging library, dubbed Log4Shell, is exposed to ongoing remote code execution attacks. Threat actors are reportedly scanning the Internet for systems vulnerable to this flaw. Prominent companies such as Apple, Amazon, Cloudflare, Twitter, and Steam may be affected by this vulnerability. The Apache Foundation has released Log4j 2.15.0 to address the issue, and cybersecurity firm Cybereason has launched a ‘vaccine’ package named Logout4Shell.