I have published a lot on the log4j and log4shell exploits and vulnerability. CISA issued a special warning about the long term impact of the issue:
Here is another real world example of the exploitation of the issue, abusing the cyber security tool Cobalt Strike, Windows Defender and VMware.
LockBit ransomware abuses Windows Defender to load Cobalt Strike (bleepingcomputer.com)
Many organisations are using VMware to virtualise systems – we do – and we take steps to keep the as secure as possible.
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.