Company:
Date Published:
Author: Casey Ellis
Word count: 697
Language: English
Hacker News points: None

Summary

The Kaseya Virtual System Administrator (VSA) server software, which managed service providers (MSPs) use to manage their clients, was compromised on July 2, 2021, by attackers who exploited a 0-day authentication bypass vulnerability. The attackers were able to upload and execute a REvil ransomware payload, compromising and encrypting up to 1 million host systems and causing significant disruptions to multiple large organizations. This attack highlights the risk of supply chain exploitation and the importance of prioritizing vulnerability remediation, particularly for organizations whose products form part of a broader supply chain. To mitigate this risk, Kaseya has released guidance on how to protect against the attack, including shutting down affected servers until further notice and using detection tools to identify potential indicators of compromise. Organizations can also take steps such as engaging a vulnerability management platform like Bugcrowd to quickly find and fix business-critical vulnerabilities before attackers discover them.