CISA has flagged two unpatched SysAid IT service management vulnerabilities as actively exploited, enabling attackers to hijack administrator accounts and steal sensitive data. Federal agencies must patch by August 12, while all organizations face heightened risks due to widespread exposure of SysAid instances. This incident underscores the persistent threat of trivial-to-exploit flaws in essential IT infrastructure.