An advanced threat actor has exploited critical vulnerabilities identified as “Citrix Bleed 2” (CVE-2025-5777) affecting NetScaler ADC and Gateway, as well as CVE-2025-20337 impacting Cisco Identity Service Engine (ISE). These vulnerabilities have been utilized as zero-days to deploy custom malware, posing severe risks to organizations utilizing these platforms. As these vulnerabilities are classified as zero-days, they indicate an active exploit without a prior known patch or fix, which raises immediate concern for users. High-level threats like this underline the necessity for organizations to maintain vigilance and enforce stricter security measures to mitigate the risk of breaches as attackers continuously adapt and utilize advanced methods. Security response teams are urged to prioritize updates and reinforce defenses against such sophisticated threats to protect sensitive data and systems.
👉 Pročitaj original: BleepingComputer
