By therecord.media
Publication Date: 2025-11-12 18:17:00
Amazon said it uncovered a sophisticated campaign targeting previously unknown vulnerabilities in products from Cisco and Citrix.
CJ Moses, CISO of Amazon Integrated Security, said they identified an “advanced” threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems.
An Amazon spokesperson said the campaign, which was not attributed to any specific nation-state or cybercriminal group, was discovered in May. They declined to answer further questions about the nature of the targeting and the goal of the campaign.
The hackers notably used custom malware and were exploiting CVE-2025-5777 — now known colloquially as “Citrix Bleed Two” — before it was disclosed publicly in July.
“Through further investigation of the same threat exploiting the Citrix vulnerability, Amazon Threat Intelligence identified and shared with Cisco an anomalous payload targeting a previously undocumented endpoint in…

