Hackers are actively trying to steal passwords from two widely used VPNs