Citrix NetScaler flaws exploited via HexStrike AI
Exploitation Wave
Summary
Threat actors are using HexStrike AI to exploit three Citrix flaws disclosed last week, accelerating abuse of NetScaler systems. Forum posts claim successful exploitation and show some vulnerable instances being offered for sale. The wave compresses the time from disclosure to mass exploitation and increases automation of repeat attack attempts.
Cases
Related Happenings
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave
Exploitation Wave
First: 26.03.2026 18:00
Last: 26.03.2026 18:00
Sources 1
About this happening:
**Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...
44% Rise in public-facing application exploitation as vulnerability-led incidents dominated 2025
Target Trend
First: 25.02.2026 16:30
Last: 25.02.2026 16:30
Sources 1
About this happening:
Attacks against **public-facing applications** jumped **44%**, widening exposure for internet-facing services and increasing intrusion risk. **Vulnerability exploitation** became...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical Analysis
First: 17.02.2026 20:08
Last: 17.02.2026 20:08
Sources 1
About this happening:
Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
Citrix NetScaler reconnaissance scanning and version-enumeration campaign
Campaign
First: 03.02.2026 22:25
Last: 03.02.2026 22:25
Sources 1
About this happening:
A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...
Timeline
- 03.09.2025 15:20 · 2 articles
Threat actors claim HexStrike AI exploitation of Citrix NetScaler flaws
Campaign Scope Update
Threat actors are trying to weaponize the newly released HexStrike AI offensive security platform to exploit recently disclosed Citrix vulnerabilities, with darknet forum discussions claiming successful exploitation of the three flaws Citrix disclosed last week and, in some cases, vulnerable NetScaler instances being offered to other criminals for sale. Check Point says the activity can shrink the time between public disclosure and mass exploitation while automating repeated attack attempts.
Sources:
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure — thehackernews.com — 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws — www.bleepingcomputer.com — 03.09.2025 21:03