WASHINGTON—A newly discovered vulnerability in a widely used software library is causing mayhem on the internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness. The vulnerability, known as Log4j, comes from a popular open-source product that helps software developers track changes in applications that they build. It is so popular and embedded across many companies’ programs that security executives expect widespread abuse. “The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade,” said Amit Yoran, chief executive of Tenable, a network security firm, and the founding director of the U.S. Computer Emergency Readiness Team. The U.S. government sent a warning to the private sector about the Log4j vulnerability and the looming risk it poses on Friday. Much of the software affected by Log4j, which bears names like Hadoop or Solr, may be unfamiliar to the public at large. …