The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency warning after confirming that attackers are exploiting a newly discovered flaw in a widely used enterprise VPN product. The agency said the vulnerability is being used in real-world campaigns, raising concerns for government systems and critical infrastructure.

According to the Reuters report, researchers found evidence that the zero-day is already being used by ransomware operators. That means organizations relying on the affected VPN software could face unauthorized access, data theft, or broader network disruption if they do not act quickly.

CISA’s directive urges affected networks to review their exposure, apply available protections, and follow recommended mitigation steps immediately. The alert reflects growing pressure on public agencies and essential service providers to strengthen defenses as criminal groups continue to target remote access tools.

The warning adds to a string of recent cybersecurity incidents showing how a single software weakness can quickly become a high-value target. For organizations that depend on VPNs to connect employees and systems, the message is clear: patching, monitoring, and incident response planning cannot wait.