Techzine • 3h
Anubis Ransomware Exploitation of Citrix NetScaler CVE-2025-5777
The Anubis Ransomware group is executing high-velocity exploitation of CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC/Gateway appliances, colloquially known as "Citrix Bleed 2." This vulnerability permits session token and memory disclosure, allowing attackers to bypass authentication and hijack active sessions. By targeting edge-facing infrastructure, Anubis circumvents traditional perimeter defenses to gain initial access, facilitating lateral movement and the subsequent deployment of ransomware payloads. This campaign marks a strategic shift toward leveraging N-day vulnerabilities in critical network appliances to conduct large-scale extortion and enterprise-wide encryption.
Links: Techzine, Horizon3, Reddit, Fortiguard, Purpleshieldsecurity, Github, Blog, Tenable, Secarma