It’s not over ‘till it’s over. And it’s not over.
When the log4j vulnerability was first announced, there was a mad scramble. Millions of servers worldwide use log4j as part of their plumbing. At-risk systems had to be found and patched before they could be exploited by attackers. And attack they did. Log4J created a relatively easy way to take control of systems with valuable data, so bad actors wrote tools to scan the internet looking for unpatched targets.
Read more here.