News

Apache Releases 3rd Patch for High-Severity Log4j Vulnerability CVE-2021-45105

Luciano Ferrari

28 Jan 2026 — 2 min read

Wednesday, January 28, 2026

Top 5 Cybersecurity Stories You Should Know

Apache Releases 3rd Patch for High-Severity Log4j Vulnerability CVE-2021-45105 — tl;dr: The Apache Software Foundation has issued a third patch, version 2.17.0, to address the high-severity vulnerability CVE-2021-45105 in its Log4j logging library. This vulnerability, which affects all versions from 2.0-beta9 to 2.16.0, could enable denial-of-service attacks through uncontrolled recursion in logging configurations. The patch comes in the wake of previous vulnerabilities, including CVE-2021-45046, which has been reclassified due to its potential for remote code execution. Users are urged to upgrade to Log4j 2 to mitigate risks, as the older 1.x versions are no longer supported.
↪ https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html
Critical CVE-2020-11182 Affects Qualcomm Snapdragon Products — tl;dr: CVE-2020-11182 is a critical vulnerability with a CVSS score of 9.8, affecting various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile. The flaw, identified as a buffer overflow due to insufficient input size checks, could lead to a potential heap overflow while parsing NAL headers. This vulnerability requires no user interaction and poses significant risks to confidentiality, integrity, and availability. Affected users should promptly apply patches provided by Qualcomm to mitigate potential exploitation.
↪ https://feedly.com/cve/CVE-2020-11182
Understanding Information Security (Infosec): Key Principles and Importance — tl;dr: Information security, or infosec, encompasses policies and procedures designed to protect sensitive digital data from unauthorized access, modification, and destruction. It plays a crucial role in safeguarding an organization's most valuable asset—its data—by preventing financial losses, ensuring business continuity, and maintaining trust. Infosec is governed by the CIA triad: confidentiality, integrity, and availability, along with additional principles like risk management and user training. Organizations must adopt robust infosec practices to comply with regulations and defend against evolving cyber threats, ultimately securing their operations and reputation.
↪ https://www.techtarget.com/searchsecurity/definition/information-security-infosec
Google Chrome and Cisco IOS XE Zero-Days Exploited Amid Record DDoS Attack — tl;dr: A significant cybersecurity week saw the exploitation of two critical zero-days: Google Chrome (CVE-2025-10585) and Cisco IOS XE (CVE-2025-20352), highlighting vulnerabilities in widely used software. Additionally, a record-breaking DDoS attack peaked at 22.2 Tbps, raising concerns about infrastructure resilience. Organizations must prioritize proactive security measures, including rapid patch deployment, comprehensive asset management, and adopting a Zero Trust architecture to mitigate risks associated with these escalating threats. The evolving tactics of cybercriminals emphasize the need for continuous employee training and vigilance against social engineering attacks.
↪ https://www.linkedin.com/pulse/ascella-cyber-brief-major-breaches-zero-day-news-20-sept-6yvjc
Understanding Cybersecurity: Protecting Your Digital Life — tl;dr: Cybersecurity involves safeguarding networks, devices, and data from unauthorized access and criminal activities, ensuring the confidentiality, integrity, and availability of information. With increasing reliance on technology for daily activities, individuals and organizations face risks such as malware, data breaches, and unauthorized access. To enhance cybersecurity, it is essential to keep software updated, use strong and unique passwords, implement multifactor authentication, and be cautious of phishing attempts. The Cybersecurity and Infrastructure Security Agency (CISA) offers resources and best practices to help individuals and businesses improve their cybersecurity posture.
↪ https://www.cisa.gov/news-events/news/what-cybersecurity