Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco ISE and Citrix NetScaler ADC zero-day malware delivery campaign

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

A zero-day exploitation campaign against Cisco ISE and Citrix NetScaler ADC is delivering custom malware into enterprise identity and network access control infrastructure. The operation used CVE-2025-5777 and CVE-2025-20337 to reach exposed appliances and then plant a disguised IdentityAuditAction web shell. The broad, indiscriminate targeting raises the risk of unauthorized access across enterprise networks.

Related Happenings

Citrix security patch release for CVE-2026-13474

Security Patch Release
H score35 First: 01.07.2026 06:54 Last: 01.07.2026 06:54 Sources 1

About this happening: **Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...

NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)

Vulnerability
H score30 First: 01.07.2026 06:54 Last: 01.07.2026 06:54 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** now have **CVE-2026-10816**, a **7.7** flaw that can expose files through **unauthenticated arbitrary file read** when managem...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score66 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

Citrix security patch release for CVE-2026-3055

Security Patch Release
H score44 First: 24.03.2026 07:59 Last: 24.03.2026 07:59 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...

Citrix NetScaler reconnaissance scanning and version-enumeration campaign

Campaign
H score29 First: 03.02.2026 22:25 Last: 03.02.2026 22:25 Sources 1

About this happening: A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...

Timeline

  1. 12.11.2025 16:00 2 articles · 7mo ago

    Amazon discloses zero-day exploitation of Cisco ISE and Citrix NetScaler

    Initial Disclosure

    Amazon's threat intelligence team disclosed that an advanced threat actor targeted Cisco Identity Service Engine (ISE), Cisco ISE Passive Identity Connector (ISE-PIC), and Citrix NetScaler ADC/Gateway by exploiting CVE-2025-5777 and CVE-2025-20337 as zero-days to deliver custom malware, including a web shell disguised as IdentityAuditAction, after detections from the MadPot honeypot network.

    Show sources