Significant vulnerabilities like Log4j have been the focus of cybersecurity staff - but that focus could be allowing attackers to slip by using older security bugs.