Advanced Threat Actor Exploits Cisco and Citrix Zero-Day Vulnerabilities

Advanced Threat Actor Exploits Cisco and Citrix Zero-Day Vulnerabilities

First seen 12 Nov 2025, 19:02 UTC BleepingcomputerAws.AmazonCybersecuritynewsCybersecuritydiveTheregister+1 86% similarity 80.0

Article Content

Browse articles
ThreatCluster

An advanced persistent threat actor exploited zero-day vulnerabilities in Cisco Identity Service Engine and Citrix NetScaler products. The attacks utilized custom malware and were detected by Amazon's MadPot honeypot service before the vulnerabilities were publicly disclosed. Key vulnerabilities include CVE-2025-5777 in Citrix and CVE-2025-20337 in Cisco.

ThreatCluster AI

Community

Browse all →