A critical security vulnerability in widely used NGINX web server software is now being actively exploited by attackers just days after its public disclosure, cybersecurity researchers report.