Panel finds notorious Log4j internet bug did not lead to any "significant" attacks on critical infrastructure

A panel of U.S. government officials and private-sector experts tasked with investigating the nation's major cybersecurity failures has concluded that the notorious Log4j internet bug did not prompt any "significant" attacks on critical infrastructure systems.

A serious flaw living inside an open-source Java-based software known as "Log4j" shook the world last December when officials estimated that it left hundreds of millions of devices exposed to potential breaches.

The fledgling Cyber Safety Review Board, loosely modeled off the National Transportation Safety Board and housed under the purview of the Department of Homeland Security (DHS), released the findings of its investigation into the vulnerability on Thursday.