Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
An advanced persistent threat actor has been targeting zero-day vulnerabilities in Cisco Identity Service Engine as well as Citrix, according to a blog post published Wednesday by security researchers at Amazon.
Amazon said it had previously detected threat activity targeting the CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, through its MadPot honeypot service. The detection indicated the exploitation activity was taking place prior to public disclosure. Citrix released guidance in June to address CitrixBleed 2.
Additional investigation found an “anomalous payload” targeting a previously undocumented endpoint in Cisco ISE that used vulnerable deserialization logic, CJ Moses, CISO of Amazon Integrated Security, said in the blog.
Read more at Cybersecurity Dive