It has been more than a year since Apache released details on a critical vulnerability in Log4j, however threat actors are still exploiting it.