First discovered in Minecraft, the Log4j vulnerability has since been found in cloud applications, enterprise software, and on everyday web servers.

Minecraft Java Edition players and server owners have discovered the rise of a new security vulnerability that can enable bad faith actors to remotely execute code on their computers.

Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library. Critical systems will be impacted.

Also covered will be Log4j lessons learned and the importance of fixing bad code before attacker can exploit it.

APT35 is one of several state-backed hacking groups known to have been developing tools to exploit public-facing Java applications that use vulnerable versions of the Log4j error-logging component.