Arab Press

بالشعب و للشعب
Friday, Aug 08, 2025

'Potential for damage incalculable': Experts sound alarm over cyber vulnerability in widely used software

'Potential for damage incalculable': Experts sound alarm over cyber vulnerability in widely used software

While the first victims hit by hackers were Minecraft players, experts warn the cyber vulnerability could soon be exploited by spies and organised criminals.

Security experts are sounding the alarm over a newly discovered software vulnerability, and organisations have been advised to "urgently" check whether it leaves them exposed to hackers.

Alerts have been issued by the British and American governments as a growing number of hacking groups - potentially including spies and organised criminals - are exploiting the vulnerability to break into computer networks.

The British government said it was treating "this issue with the utmost seriousness" as the US warned the vulnerability was "being widely exploited by a growing set of threat actors".

Researchers in the private sector said "the potential for damage is incalculable" with one describing the severity as: "The internet is on fire right now."

The UK government said it was treating the issue 'with the utmost seriousness'


What is the issue?


It is very rare for enterprise software to be completely written from the ground up for every different product.

Instead this software often depends on a shared library of open-source code maintained by charity organisations and distributed without any royalties.

The new vulnerability has been discovered in one such bit of code.

Known as Log4j, the open-source tool is an Apache Software Foundation project and used almost ubiquitously in enterprise software products and cloud services.

It won't directly impact people using personal devices, but any data they have with organisations that operate web servers could be at risk.

A fix has already been published by Apache - which described the vulnerability as "critical" - and large companies who control and update their own software should be able to quickly patch the vulnerability.

But because Log4j is so widely used as a logging utility there are likely to be thousands of companies exposed because the flaw affects third-party software which they cannot directly update.

Apache credited Chen Zhaojun, a security researcher at Chinese company Alibaba, for discovering and reporting the issue.

Minecraft players were among the first victims.


Who has been affected?


The first wave of victims were people playing the Microsoft-owned computer game Minecraft.

Hackers were able to post a short message in the Minecraft chatbox to remotely execute commands on the computers of other players.

Microsoft said it has patched the issue for Minecraft players and told customers they would be protected if they applied the fix.

The most obvious first wave of attacks all involved "cryptojacking", when hackers hijack victim's computers to use their processing power to mine cryptocurrencies.

Microsoft warned that alongside installing coin miners it had seen hackers exploiting the flaw to steal credentials and data from victim's computers.

"The internet's on fire right now. People are scrambling to patch and all kinds of people are scrambling to exploit it," said Adam Meyers, senior vice president of intelligence at cyber security company Crowdstrike.

The software flaw could be used to attack banks and even governments


'A very serious threat'


"I cannot overstate the seriousness of this threat," warned Lotem Finkelstein, director of threat intelligence for Check Point Software Technologies.

Mr Finkelstein warned that the cryptojacking activity "creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high value targets".

Check Point has detected hundreds of thousands of attempts to exploit this vulnerability across more than a third of all corporate global networks.

"Security teams need to jump on this with utmost urgency as the potential for damage is incalculable," Mr Finkelstein added.

Newsletter

Related Articles

Arab Press
0:00
0:00
Close
British Labour Government Utilizes Counter-Terrorism Tools for Social Media Monitoring Against Legitimate Critics
WhatsApp Deletes 6.8 Million Scam Accounts Amid Rising Global Fraud
Texas Residents Face Water Restrictions While AI Data Centers Consume Millions of Gallons
India Rejects U.S. Tariff Threat, Defends Russian Oil Purchases
United States Establishes Strategic Bitcoin Reserve and Digital Asset Stockpile
Thousands of Private ChatGPT Conversations Accidentally Indexed by Google
China Tightens Mineral Controls, Curtailing Critical Inputs for Western Defence Contractors
JPMorgan and Coinbase Unveil Partnership to Let Chase Cardholders Buy Crypto Directly
British Tourist Dies Following Hair Transplant in Turkey, Police Investigate
WhatsApp Users Targeted in New Scam Involving Account Takeovers
Trump Deploys Nuclear Submarines After Threats from Former Russian President Medvedev
Germany’s Economic Breakdown and the Return of Militarization: From Industrial Collapse to a New Offensive Strategy
Germany Enters Fiscal Crisis as Cabinet Approves €174 Billion in New Debt
IMF Upgrades Global Growth Forecast as Weaker Dollar Supports Outlook
Politics is a good business: Barack Obama’s Reported Net Worth Growth, 1990–2025
UN's Top Court Declares Environmental Protection a Legal Obligation Under International Law
"Crazy Thing": OpenAI's Sam Altman Warns Of AI Voice Fraud Crisis In Banking
Japanese Prime Minister Vows to Stay After Coalition Loses Upper House Majority
President Trump Diagnosed with Chronic Venous Insufficiency After Leg Swelling
Man Dies After Being Pulled Into MRI Machine Due to Metal Chain in New York Clinic
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
Iranian President Reportedly Injured During Israeli Strike on Secret Facility
Kurdistan Workers Party Takes Symbolic Step Towards Peace in Northern Iraq
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
AI Raises Alarms Over Long-Term Job Security
Russia Formally Recognizes Taliban Government in Afghanistan
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Mediators Edge Closer to Israel-Hamas Ceasefire Agreement
Germany Seeks Taliban Deal to Deport Afghan Migrants
Emirates Airline Expands Market Share with New $20 Million Campaign
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Trump Asserts Readiness for Further Strikes on Iran Amid Nuclear Tensions
Qatar Airways Clears Backlog of Passengers Following Missile Threats
Iran's Parliament Votes to Suspend Cooperation with Nuclear Watchdog
Trump Announces Upcoming US-Iran Meeting Amid Controversial Airstrikes
Trump Moves to Reshape Middle East Following Israel-Iran Conflict
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
“You Have 12 Hours to Flee”: Israeli Threat Campaign Targets Surviving Iranian Officials
Oman Set to Introduce Personal Income Tax, First in Gulf
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
×