Organizations “should be prepared to address Log4j vulnerabilities for years to come” and “should continue to report (and escalate) observations of Log4j exploitation.”