By Guru Baran
Publication Date: 2025-11-12 14:21:00
An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. The attacks, observed in real-world operations, let the hackers deploy custom webshells and gain deep access to corporate networks.
The findings highlight how attackers are targeting key systems that manage user logins and network controls, putting businesses at high risk.
Cisco and Citrix 0-Days Exploited
The trouble started with Amazon’s MadPot honeypot service, a tool designed to lure and study cyber threats. It caught attempts to exploit a Citrix flaw known as “Citrix Bleed Two” (CVE-2025-5777) before the flaw was publicly known.
This zero-day lets attackers run code remotely without permission. Digging deeper, Amazon’s experts linked the same hackers to a hidden weakness in Cisco ISE, now called CVE-2025-20337.
This bug uses faulty data handling, or “deserialization,” to let outsiders…