Not patched Log4j yet? Assume attackers are in your network, say CISA and FBI

The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) have issued a joint warning to organizations with unpatched Log4j vulnerabilities, particularly in VMware Horizon servers. The agencies asked companies to assume their networks have been compromised and to act accordingly. The directive comes after a cyberattack on a federal civilian executive branch organization demonstrated malicious exploitation of these vulnerabilities.