CISA orders federal agencies to patch VPN flaw within three days as ransomware gang exploits it

CISA has issued an emergency directive to U.S. federal agencies. The directive requires agencies to remediate a vulnerable VPN component. Agencies are given a three‑day window to apply the fix. The vulnerability is currently being exploited by a ransomware gang. The attack targets the VPN’s ability to secure remote connections. CISA warns that failure to patch could lead to further compromise. An illustration accompanying the notice shows a burned‑out router or firewall as a visual cue of a breach. Agencies are expected to report compliance to CISA after the deadline.