Digging into the numbers one year after Log4Shell

A year after the Log4Shell vulnerability was first disclosed, many systems remain vulnerable, despite government efforts to patch the bug. Hackers linked to the Iranian government exploited the vulnerability to break into an unpatched VMware Horizon server. Data from software supply-chain firm Sonatype shows that one in four Log4j instances remain vulnerable today. Researchers note the challenge in eradicating Log4Shell due to its large attack surface and ease of exploitation.