By @RabiaNoureen11
Publication Date: 2025-11-13 13:01:00
Key Takeaways:
- Amazon uncovered a sophisticated cyber campaign exploiting zero-day flaws in Cisco and Citrix products.
- Attackers weaponized the vulnerabilities before patches were released.
- The incident highlights growing risks from “patch-gap” exploitation and the need for stronger defense-in-depth strategies.
Amazon has discovered a highly sophisticated threat actor exploiting two zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC products. These vulnerabilities were actively targeted in real-world environments, exposing organizations to serious security risks.
CitrixBleed 2 zero-day exploited before public disclosure
According to Amazon’s threat intelligence team, this campaign used a critical zero-day vulnerability dubbed CitrixBleed 2 (CVE‑2025‑5777) through its MadPot honeypots before Citrix released a patch on June 17. CitrixBleed 2 allows…