CVE-2025-20337 is a vulnerability tracked across 11 threat clusters and 24 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity January 30, 2026.
An advanced persistent threat actor exploited zero-day vulnerabilities in Cisco Identity Service Engine and Citrix NetScaler products. The attacks utilized custom malware and were detected by Amazon's MadPot honeypot…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild, allowing unauthenticated remote code execution (RCE) with a CVSS score…
Amazon reported that a threat actor is exploiting two critical vulnerabilities, CVE-2025-20337 and CVE-2025-5777, in Cisco ISE and Citrix products as zero-days. These vulnerabilities have been identified as being…
An advanced persistent threat (APT) group exploited zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems, specifically CVE-2025-5777 and CVE-2025-20337. The attacks were detected by…
Cisco disclosed a state-espionage campaign targeting its Adaptive Security Appliances (ASA), which are used for firewall and VPN functions. Attackers exploited two zero-day vulnerabilities to infiltrate government…
Cisco has disclosed critical vulnerabilities in its Unified Contact Center Express (CCX) platform and Adaptive Security Appliances (ASA) that allow unauthenticated remote attackers to execute arbitrary code and…
Cisco has patched a vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. The flaw, tracked as CVE-2026-20029, allows remote attackers with admin-level privileges to…
Cisco has reported ongoing attacks against its firewalls, specifically targeting vulnerabilities CVE-2025-20333 and CVE-2025-20362. These flaws allow remote code execution and unauthorized access, leading to potential…
Recent cybersecurity reports detail multiple threats, including Oracle Concurrent Processing Remote Code Execution and various Clop ransomware variants. Affected systems include those protected by Check Point IPS and…