Times of London News -  International News, Latest News, Breaking News,Sports, Business and Political News
Flaw prompts 100 hack attacks a minute, security company says
Monday, 13 Dec 2021 18:00 pm

A flaw in widely used computer code is prompting 100 new hacking attempts every minute, a security company says.

Check Point said it had seen attempts to exploit the vulnerability on over 40% of corporate networks globally.

One US official said the security flaw, Log4Shell, posed a "severe risk", with companies warning it was being actively used by criminal groups.

Fixes have been issued but need to be implemented. Popular applications and cloud services have been affected.

'Specific address'

Written in the programming language Java, Log4j, the code containing the flaw, is used by millions of computers running online services.

In the last four months it had been downloaded 84 million times from the largest public repository of open-source Java components, Brian Fox of security company Sonatype said.

And the ease with which hackers could exploit the vulnerability was "akin to someone figuring out that mailing a letter into your postbox, with a specific address written on it, allows them to open all your doors in your house".

Researchers at Chinese technology company Alibaba discovered the flaw last month.

But it gained widespread public attention after being found affecting some sites hosting versions of Minecraft using Java.

Before the flaw was made public, the Apache Software Foundation, which oversees the Log4j code, issued a fix, rating the problem a "10" - the highest level of seriousness.

Cloudflare chief technology officer John Graham-Cumming said, "This is the third really serious flaw that's affected a wide range of Internet services: Heartbleed in 2012, ShellShock in 2014 and Log4Shell in 2021".

'Urgent challenge'

US Cybersecurity and Infrastructure Security Agency director Jen Easterly also stressed the urgency of the situation.

"To be clear, this vulnerability poses a severe risk," she wrote.

It was being widely exploited by hackers and "presents an urgent challenge to network defenders given its broad use".

The UK National Cyber Security Centre said, "This is a significant vulnerability" and called on organisations to urgently follow advice on mitigating the problem.

Microsoft researchers said they had seen hackers using Log4Shell to: