The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatchedVMware Horizonservers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. “The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming