A vulnerability in the Roundcube email server platform is being actively exploited, the US government warns, urging its bodies to apply the patch and secure their instances sooner, rather than later.