The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks.