CISA warns of active exploitation of CVE-2016-10033 in PHPMailer, urging organizations to patch by July 28, 2025, to prevent system compromise.