Check Point confirmed exploitation of the IKEv1 VPN flaw in the wild, and the Dutch NCSC escalated with a warning about imminent broad abuse — the kind of threat intel coordination that usually means attacks are moving from targeted to opportunistic. The CISA KEV listing adds a federal remediation deadline on top. Any internet-exposed VPN infrastructure running IKEv1 should be treated as potentially compromised and assessed urgently. Where IKEv1 can be disabled in favor of IKEv2, this is the moment to do it.