The attackers are leveraging the CVE-2021-22205 vulnerability, a two-year-old flaw with a high severity score, found in versions 13.8.8, 13.9.6, and 13.10.3 of GitLab. Although a patch has been available since April 2021, the attackers are targeting systems that have not been updated, emphasizing the importance of timely patching and staying up to date.