The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency warning after confirming that hackers are using a newly discovered flaw in Ivanti Connect Secure VPN appliances. Officials said the vulnerability is being exploited in ransomware-related campaigns aimed at federal agencies and critical infrastructure operators.

CISA’s directive calls on affected organizations to take urgent protective steps, reflecting the scale of the threat and the speed at which attackers are moving. Ivanti Connect Secure is widely used in government and enterprise networks, making the bug especially serious for organizations that rely on remote access tools to keep systems running.

The agency’s alert underscores a broader pattern in cybercrime: once a zero-day is identified, attackers often race to weaponize it before defenders can patch systems. For agencies and companies handling sensitive data, delays in mitigation can quickly turn a software weakness into a costly breach.

Researchers and security teams are now working to determine the full scope of the campaign and which networks may already be compromised. The warning adds fresh pressure on operators of critical services to apply fixes, review logs, and isolate vulnerable devices before the attacks spread further.