I’d love to see a Medium article with a detailed technical breakdown of the hack with side-by-side comparisons of how this kind of exploit is impossible in Holochain (if that is indeed the case). Can anybody with technical knowledge get this ball rolling or ELI5 it?

Are you referring to the log4j exploit (part 1 Red Hat Customer Portal - Access to 24x7 support and knowledge)?

Note: No expert on Holochain
As any application is communicating to the local Holochain service through WebSockets, I do not think Holochain has any impact on this. This is beyond Holochain I believe and simply the responsibility of the developers using the Holochain service.

Yes, I was.