Hackers are actively exploiting a critical vulnerability in Apache Struts that allows for remote code execution, potentially leading to unauthorized access, data theft, and network disruption.