#4 The Hacker News general July 02, 2026 at 18:30 UTC

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

By The Hacker News

AI Summary

Threat actors affiliated with the Anubis ransomware operation are actively exploiting CVE-2025-5777 (Citrix Bleed 2) for initial access. Affiliate tradecraft also incorporates bring-your-own-vulnerable-driver (BYOVD) techniques, legitimate remote monitoring and management (RMM) tooling, and stolen supply chain credentials for lateral movement. This reuse of legitimate tooling makes detection significantly harder for defenders relying on signature-based controls. Organizations running Citrix NetScaler should treat unpatched appliances as actively targeted.

Relevance score: 84.0/100
