Bleepingcomputer
Advanced Threat Actor Exploits Cisco and Citrix Zero-Day Vulnerabilities
First seen 12 Nov 2025, 19:02 UTC
•



+1
•86% similarity
•80.0
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
An advanced persistent threat actor exploited zero-day vulnerabilities in Cisco Identity Service Engine and Citrix NetScaler products. The attacks utilized custom malware and were detected by Amazon's MadPot honeypot service before the vulnerabilities were publicly disclosed. Key vulnerabilities include CVE-2025-5777 in Citrix and CVE-2025-20337 in Cisco.
ThreatCluster AI