London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

'Potential for damage incalculable': Experts sound alarm over cyber vulnerability in widely used software

'Potential for damage incalculable': Experts sound alarm over cyber vulnerability in widely used software

While the first victims hit by hackers were Minecraft players, experts warn the cyber vulnerability could soon be exploited by spies and organised criminals.

Security experts are sounding the alarm over a newly discovered software vulnerability, and organisations have been advised to "urgently" check whether it leaves them exposed to hackers.

Alerts have been issued by the British and American governments as a growing number of hacking groups - potentially including spies and organised criminals - are exploiting the vulnerability to break into computer networks.

The British government said it was treating "this issue with the utmost seriousness" as the US warned the vulnerability was "being widely exploited by a growing set of threat actors".

Researchers in the private sector said "the potential for damage is incalculable" with one describing the severity as: "The internet is on fire right now."

The UK government said it was treating the issue 'with the utmost seriousness'


What is the issue?


It is very rare for enterprise software to be completely written from the ground up for every different product.

Instead this software often depends on a shared library of open-source code maintained by charity organisations and distributed without any royalties.

The new vulnerability has been discovered in one such bit of code.

Known as Log4j, the open-source tool is an Apache Software Foundation project and used almost ubiquitously in enterprise software products and cloud services.

It won't directly impact people using personal devices, but any data they have with organisations that operate web servers could be at risk.

A fix has already been published by Apache - which described the vulnerability as "critical" - and large companies who control and update their own software should be able to quickly patch the vulnerability.

But because Log4j is so widely used as a logging utility there are likely to be thousands of companies exposed because the flaw affects third-party software which they cannot directly update.

Apache credited Chen Zhaojun, a security researcher at Chinese company Alibaba, for discovering and reporting the issue.

Minecraft players were among the first victims.


Who has been affected?


The first wave of victims were people playing the Microsoft-owned computer game Minecraft.

Hackers were able to post a short message in the Minecraft chatbox to remotely execute commands on the computers of other players.

Microsoft said it has patched the issue for Minecraft players and told customers they would be protected if they applied the fix.

The most obvious first wave of attacks all involved "cryptojacking", when hackers hijack victim's computers to use their processing power to mine cryptocurrencies.

Microsoft warned that alongside installing coin miners it had seen hackers exploiting the flaw to steal credentials and data from victim's computers.

"The internet's on fire right now. People are scrambling to patch and all kinds of people are scrambling to exploit it," said Adam Meyers, senior vice president of intelligence at cyber security company Crowdstrike.

The software flaw could be used to attack banks and even governments


'A very serious threat'


"I cannot overstate the seriousness of this threat," warned Lotem Finkelstein, director of threat intelligence for Check Point Software Technologies.

Mr Finkelstein warned that the cryptojacking activity "creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high value targets".

Check Point has detected hundreds of thousands of attempts to exploit this vulnerability across more than a third of all corporate global networks.

"Security teams need to jump on this with utmost urgency as the potential for damage is incalculable," Mr Finkelstein added.

Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×