Log4Shell, a vulnerability in the Java application logging framework Log4J has been called the worst security vulnerability ever. Is that just the usual hype, though? Or why haven't we seen the forecast large scale exploitation of this bug? Is there something more sinister at play here?