Panel finds notorious Log4j internet bug did not lead to any “significant” attacks on critical infrastructure

The Cyber Safety Review Board (CSRB) in the US has found no significant cyber attacks done with the Log4j bug and that exploitation was lower than expected given its severity. However, the board did warn of potential future breaches. The CSRB noted Alibaba’s role in finding the bug and it criticised China’s reporting regulations, arguing they could delay patch creation. It also recommended further investment in software security. The CSRB will continue investigating the Log4j bug.