CVE-2025-5777 is a vulnerability tracked across 20 threat clusters and 29 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity July 9, 2026.
An advanced persistent threat actor exploited zero-day vulnerabilities in Cisco Identity Service Engine and Citrix NetScaler products. The attacks utilized custom malware and were detected by Amazon's MadPot honeypot…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Between June 29 and July 6, 2026, GreyNoise observed a significant increase in exploitation attempts targeting Palo Alto GlobalProtect CVE-2019-1579, with over 120 malicious hosts detected on July 6. This activity was…
Two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild, allowing unauthenticated remote code execution (RCE) with a CVSS score…
In the first half of 2026, multiple organizations were targeted by an Initial Access Broker exploiting the CitrixBleed 2 vulnerability (CVE-2025-5777). Attackers gained access through the Citrix NetScaler gateway,…
The Anubis ransomware group launched a cyberattack on the Adriatic Port Authority, crippling operations and causing significant disruptions in maritime logistics. The attack, attributed to Anubis in January 2026,…
Amazon reported that a threat actor is exploiting two critical vulnerabilities, CVE-2025-20337 and CVE-2025-5777, in Cisco ISE and Citrix products as zero-days. These vulnerabilities have been identified as being…
A low-skilled attacker exploited AI agents Claude and Codex to breach 14 companies. Researchers from OALABS analyzed over 1,000 sessions from a compromised server, revealing how the attacker bypassed security measures…
An advanced persistent threat (APT) group exploited zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems, specifically CVE-2025-5777 and CVE-2025-20337. The attacks were detected by…
Cisco disclosed a state-espionage campaign targeting its Adaptive Security Appliances (ASA), which are used for firewall and VPN functions. Attackers exploited two zero-day vulnerabilities to infiltrate government…