This post is also available in: heעברית (Hebrew)

Heightened concern over a critical vulnerability in widely used software. The flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. 

The vulnerability is in Java-based software known as “Log4j” that large organizations use to configure their applications – and it poses potential risks for much of the internet.

Apple’s cloud computing service, security firm Cloudflare, and one of the world’s most popular video games, Minecraft, are among the many services that run Log4j, according to security researchers cited by

The flaw was defined by the top U.S. cybersecurity defense official, Jen Easterly, as “one of the most serious I’ve seen in my entire career, if not the most serious.” There is concern that the flaw attracts cybercriminals and digital spies because it allows easy, password-free entry, according to news agencies.

US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability. The US Department of Homeland Security has ordered federal agencies to urgently eliminate the bug because it’s so easily exploitable — and told those with public-facing networks to put up firewalls if they can’t be sure.