Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix

(Shahadat Rahman / Unsplash)

By David Jones

An advanced persistent threat actor has been targeting zero-day vulnerabilities in Cisco Identity Service Engine as well as Citrix, according to a blog post published Wednesday by security researchers at Amazon.

Amazon said it had previously detected threat activity targeting the CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, through its MadPot honeypot service. The detection indicated the exploitation activity was taking place prior to public disclosure. Citrix released guidance in June to address CitrixBleed 2

Additional investigation found an “anomalous payload” targeting a previously undocumented endpoint in Cisco ISE that used vulnerable deserialization logic, CJ Moses, CISO of Amazon Integrated Security, said in the blog. 

Read more at Cybersecurity Dive

Click to listen highlighted text!