APT Group Exploits Zero-Days in Cisco and Citrix Systems
Amazon’s threat intelligence division uncovered an advanced persistent threat (APT) group exploiting zero-day vulnerabilities in Cisco and Citrix systems. The attackers targeted critical identity and network access control infrastructure, using flaws that were still undisclosed and unpatched by the vendors at the time. Amazon’s MadPot honeypot service detected the exploitation attempts, which led to the identification of CVE-2025-5777 and CVE-2025-20337. The threat actor deployed a custom web shell disguised as a legitimate component; it ran in memory and used Java reflection to evade detection. Security teams are advised to apply defense-in-depth controls and to monitor these systems closely for anomalous activity.
Latest mentioned: 11-13
Earliest mentioned: 11-12