Home > Tech

It's already attacked 'Minecraft': The race is on to fix the biggest PC vulnerability in years

Bad actors are already exploiting it.
 By 
Matt Binder
 on 
Share on Facebook Share on Twitter Share on Flipboard
Kid playing Minecraft
Minecraft has patched the exploit, but the threat for many others remains. Credit: Georg Wendt/picture alliance via Getty Images

It's being called the "worst bug impacting the Internet in the last 5 years, at least," according to Matthew Price, CEO of the web security company Cloudflare.

“The single biggest, most critical vulnerability of the last decade,” said cybersecurity firm Tenable CEO Amit Yoran.

Price and Yoran are talking about "Log4Shell," a new exploit found in log4j2, an open-source Java logging library Java-based logging typically found on Apache web servers. Developers implement it into applications in order to record app activity.

According to Wired, it's not hard for a hacker to exploit the flaw. A bad actor simply needs to send malicious code that will eventually get logged by log4j2. From there, the attacker would be able to fully take control of a server remotely. 

Just how bad is this?

Log4j is commonly used on an untold number of servers. The issue can basically strike large swaths of the internet. Apple iCloud, social media services like Twitter, online gaming platforms like Minecraft and Steam are all affected.

Lets take the popular Microsoft-owned video game Minecraft, for example. The game has already been hit by attackers exploiting Log4Shell. As cybersecurity expert Mark Hutchins explained, all a bad actor had to do was paste a "short message into the chat box" in the game and they were able to compromise Minecraft's servers.

SEE ALSO: My friend's 'Minecraft' realm was the community I needed while 2020 slid downward

Minecraft developers have since patched the exploit in the game and users have been urged to update their app. However, countless other applications, platforms, and services remain vulnerable.

“I’d be hard-pressed to think of a company that’s not at risk,” said Cloudflare chief security officer Joe Sullivan to AP.

According to cybersecurity firm CrowdStrike Senior VP of Intelligence Adam Meyers, the vulnerability has already been "fully weaponized" as nefarious actors have already created tools to exploit it.

“The internet’s on fire right now,” Meyers said. “People are scrambling to patch and all kinds of people are scrambling to exploit it.” 

Featured Video For You
How to not get your social media hacked

Topics Cybersecurity Gaming Social Media

Mashable Potato
Recommended For You
Hackers are exploiting a vulnerability in lots of e-commerce sites
By Alex Perry
Fish-eye lens view of a computer screen with hacking stuff on it
Check for Windows 11 updates. Microsoft just patched a major Notepad vulnerability.
By Tim Marcin
windows logo on a phone laying on a keyboard
Minecraft is getting its first-ever theme park land
By Chance Townsend
Logo of computer game Minecraft is seen at the PAX Aus 2025
Put Dr. Kelson from '28 Years Later: The Bone Temple' on 'RuPaul's Drag Race'
By Belen Edwards
A composite image of Dr. Kelson from "28 Years Later: The Bone Temple" and RuPaul from "RuPaul's Drag Race."
'Pokémon Pokopia' is 'Minecraft' for Pokémon, and fans will lose hundreds of hours to it
By Alex Perry
A Ditto in the form of a human girl taking a selfie with multiple other Pokemon in the background
Trending on Mashable
NYT Connections hints today: Clues, answers for April 3, 2026
By Mashable Team
Connections game on a smartphone
Wordle today: Answer, hints for April 3, 2026
By Mashable Team
Wordle game on a smartphone
NYT Strands hints, answers for April 3, 2026
By Mashable Team
A game being played on a smartphone.
Google launches Gemma 4, a new open-source model: How to try it
By Matt Binder
Google Gemma
What's new to streaming this week? (April 3, 2026)
By Belen Edwards and Kristy Puchko
A composite of images from film and TV streaming this week.
The biggest stories of the day delivered to your inbox.
These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up. See you at your inbox!