The Hacker News
general
July 02, 2026 at 18:30 UTC
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
By The Hacker News
AI Summary
Threat actors affiliated with the Anubis ransomware operation are actively exploiting CVE-2025-5777 (Citrix Bleed 2) for initial access, with affiliate tradecraft also incorporating BYOVD techniques, legitimate RMM tooling, and stolen supply chain credentials for lateral movement. The pattern of reusing legitimate tooling makes detection significantly harder for defenders relying on signature-based controls. Organizations running Citrix NetScaler should treat unpatched appliances as actively targeted.
Relevance score: 84.0/100