By Pierluigi Paganini
Publication Date: 2025-11-13 08:42:00
Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware.
Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC to deliver custom malware.
Attackers also exploited multiple undisclosed vulnerabilities.
Amazon’s honeypots revealed attempts to exploit Citrix Bleed Two (CVE-2025-5777) and the Cisco ISE flaw (CVE-2025-20337) for pre-auth RCE before public disclosure.
“What made this discovery particularly concerning was that exploitation was occurring in the wild before Cisco had assigned a CVE number or released comprehensive patches across all affected branches of Cisco ISE.” reads…