Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet. The Ruby on Rails development team released a security patch for the vulnerability, which is known as CVE-2013-0156, back in January. “It’s pretty surprising that it’s taken this long [for an exploit] to surface in the wild, but less surprising that people are still running vulnerable installations of Rails,” said Jeff Jarmoc, a security consultant with security research firm Matasano Security, Tuesday in a blog post.