HexStrike AI Exploits Citrix Vulnerabilities Disclosed in August 2025
Summary
Hide β²
Show βΌ
Threat actors have begun using HexStrike AI to exploit Citrix vulnerabilities disclosed in August 2025. HexStrike AI, an AI-driven security platform, was designed to automate reconnaissance and vulnerability discovery for authorized red teaming operations, but it has been repurposed for malicious activities. The exploitation attempts target three Citrix vulnerabilities, with some threat actors offering access to vulnerable NetScaler instances for sale on darknet forums. The use of HexStrike AI by threat actors significantly reduces the time between vulnerability disclosure and exploitation, increasing the risk of widespread attacks. The tool's automation capabilities allow for continuous exploitation attempts, enhancing the likelihood of successful breaches. Security experts emphasize the urgency of patching and hardening affected systems to mitigate the risks posed by this AI-driven threat. HexStrike AI's client features a retry logic and recovery handling to mitigate the effects of failures in any individual step on its complex operations. HexStrike AI has been open-source and available on GitHub for the last month, where it has already garnered 1,800 stars and over 400 forks. Hackers started discussing HexStrike AI on hacking forums within hours of the Citrix vulnerabilities disclosure. HexStrike AI has been used to automate the exploitation chain, including scanning for vulnerable instances, crafting exploits, delivering payloads, and maintaining persistence. Check Point recommends defenders focus on early warning through threat intelligence, AI-driven defenses, and adaptive detection.
Timeline
-
03.09.2025 15:20 π° 2 articles
HexStrike AI Exploits Citrix Vulnerabilities Disclosed in August 2025
Threat actors have begun using HexStrike AI to exploit three Citrix vulnerabilities disclosed in August 2025. The exploitation attempts target Citrix NetScaler instances, with some threat actors offering access to vulnerable instances for sale on darknet forums. The use of HexStrike AI by threat actors reduces the time between vulnerability disclosure and exploitation, increasing the risk of widespread attacks. Security experts recommend patching and hardening affected systems to mitigate these risks. HexStrike AI integrates with external LLMs via MCP, creating a continuous cycle of prompts, analysis, execution, and feedback. The tool's client features a retry logic and recovery handling to mitigate the effects of failures in any individual step on its complex operations. HexStrike AI has been open-source and available on GitHub for the last month, where it has already garnered 1,800 stars and over 400 forks. Hackers started discussing HexStrike AI on hacking forums within hours of the Citrix vulnerabilities disclosure. HexStrike AI has been used to automate the exploitation chain, including scanning for vulnerable instances, crafting exploits, delivering payloads, and maintaining persistence. Check Point recommends defenders focus on early warning through threat intelligence, AI-driven defenses, and adaptive detection.
Show sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
Information Snippets
-
HexStrike AI is an AI-driven security platform designed for authorized red teaming operations, bug bounty hunting, and CTF challenges.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
HexStrike AI integrates with over 150 security tools for network reconnaissance, web application security testing, reverse engineering, and cloud security.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
Threat actors are using HexStrike AI to exploit three Citrix vulnerabilities disclosed in August 2025.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
The exploitation attempts target Citrix NetScaler instances, with some threat actors offering access to vulnerable instances for sale on darknet forums.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
The use of HexStrike AI by threat actors reduces the time between vulnerability disclosure and exploitation, increasing the risk of widespread attacks.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
HexStrike AI's automation capabilities allow for continuous exploitation attempts, enhancing the likelihood of successful breaches.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
Security experts recommend patching and hardening affected systems to mitigate the risks posed by HexStrike AI-driven threats.
First reported: 03.09.2025 15:20π° 2 sources, 2 articlesShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws β www.bleepingcomputer.com β 03.09.2025 21:03
-
AI-powered cybersecurity agents like PentestGPT carry heightened prompt injection risks, potentially turning security tools into cyber weapons.
First reported: 03.09.2025 15:20π° 1 source, 1 articleShow sources
- Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure β thehackernews.com β 03.09.2025 15:20
Similar Happenings
Velociraptor Forensic Tool Abused for C2 Tunneling via Visual Studio Code
An unknown threat actor deployed the open-source Velociraptor forensic tool to download and execute Visual Studio Code, creating a tunnel to an attacker-controlled command-and-control (C2) server. The attack leveraged legitimate software and utilities to minimize the need for deploying custom malware. The attack involved using the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain, which then installed Velociraptor. This tool established contact with another Cloudflare Workers domain to download and execute Visual Studio Code with tunneling capabilities. Organizations are advised to monitor for unauthorized use of Velociraptor and implement endpoint detection and response systems to mitigate potential ransomware threats.
AI-Driven Exploit Generation Reduces Time to Proof-of-Concept to 15 Minutes
A new AI-powered system, Auto Exploit, developed by Israeli researchers, generates proof-of-concept exploits for vulnerabilities in open-source software in under 15 minutes. The system uses large language models (LLMs) to analyze CVE advisories and patches, creating exploits for 14 vulnerabilities. This development highlights the potential for rapid, automated exploit creation, significantly reducing the time defenders have to respond to new vulnerabilities. The system leverages Anthropic's Claude-sonnet-4.0 model to analyze advisories and code patches, generating exploit code and validating it against vulnerable and patched applications. The researchers emphasize that this capability could be used by both financially motivated attackers and nation-state actors, increasing the risk of N-day exploits. The ease of bypassing LLM guardrails and the low cost of generating exploits underscore the need for defenders to adapt to faster exploitation cycles and focus on reachability analysis to prioritize vulnerability remediation.
Malicious nx Packages Exfiltrate 2,349 GitHub, Cloud, and AI Credentials in Supply Chain Attack
A supply chain attack on the nx build system compromised multiple npm packages, leading to the exfiltration of 2,349 GitHub, cloud, and AI credentials. The attack unfolded in three distinct phases, impacting 2,180 accounts and 7,200 repositories. The attack exploited a vulnerable workflow in the nx repository to publish malicious versions of the nx package and supporting plugins. The compromised packages scanned file systems for credentials and sent them to attacker-controlled GitHub repositories. The attack impacted over 1,346 repositories and affected Linux and macOS systems. The nx maintainers identified the root cause as a vulnerable workflow added on August 21, 2025, that allowed for the injection of executable code via a pull request title. The malicious packages were published on August 26, 2025, and have since been removed from the npm registry. The attackers leveraged the GITHUB_TOKEN to trigger the publish workflow and exfiltrate the npm token. The malicious postinstall script scanned systems for text files, collected credentials, and sent them to publicly accessible GitHub repositories. The script also modified .zshrc and .bashrc files to shut down the machine immediately upon user interaction. The nx maintainers have rotated npm and GitHub tokens, audited activities, and updated publish access to require two-factor authentication. Wiz researchers identified a second attack wave impacting over 190 users/organizations and over 3,000 repositories. The second wave involved making private repositories public and creating forks to preserve data. GitGuardian's analysis revealed that 33% of compromised systems had at least one LLM client installed, and 85% were running Apple macOS. The attack took approximately four hours from start to finish. AI-powered CLI tools were used to dynamically scan for high-value secrets. The malware created public repositories on GitHub to store stolen data. The attack impacted over 1,000 developers, exfiltrating around 20,000 sensitive files. The malware modified shell startup files to crash systems upon terminal access. The attack was detected by multiple cybersecurity vendors. The malicious packages were removed from npm at 2:44 a.m. UTC on August 27, 2025. GitHub disabled all singularity-repository instances by 9 a.m. UTC on August 27, 2025. Around 90% of leaked GitHub tokens remain active as of August 28, 2025.
AI-Powered Cyberattacks Targeting Critical Sectors Disrupted
Anthropic disrupted an AI-powered operation in July 2025 that used its Claude AI chatbot to conduct large-scale theft and extortion across 17 organizations in healthcare, emergency services, government, and religious sectors. The actor used Claude Code on Kali Linux to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The operation, codenamed GTG-2002, employed AI to make tactical and strategic decisions, exfiltrating sensitive data and demanding ransoms ranging from $75,000 to $500,000 in Bitcoin. The actor used AI to craft bespoke versions of the Chisel tunneling utility to evade detection and disguise malicious executables as legitimate Microsoft tools. The operation highlights the increasing use of AI in cyberattacks, making defense and enforcement more challenging. Anthropic developed new detection methods to prevent future abuse of its AI models.
Citrix NetScaler ADC and Gateway vulnerabilities actively exploited
Citrix has released patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway. One of these vulnerabilities, CVE-2025-7775, is a zero-day flaw actively exploited in the wild. The flaws affect various configurations and can lead to remote code execution, denial-of-service, or improper access control. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to remediate the flaw within 48 hours. The vulnerabilities were discovered by security researchers Jimi Sebree, Jonathan Hetzer, and FranΓ§ois HΓ€mmerli. Nearly 20% of NetScaler assets identified are on unsupported, end-of-life versions, primarily in North America and the APAC region.