Hackers Actively Exploited CitrixBleed 2 Flaw Ahead of PoC Disclosure
gbhackersCybersecurity researchers have discovered that threat actors began exploiting the critical CitrixBleed 2 vulnerability nearly two weeks before a public proof-of-concept was released, highlighting the sophisticated nature of modern attack campaigns.
The vulnerability, tracked as CVE-2025-5777, represents a significant security risk for organizations running Citrix NetScaler appliances.
Early Exploitation Timeline
GreyNoise security researchers observed the first exploitation attempts against CVE-2025-5777 on June 23, 2025, marking the beginning of what would become a sustained attack campaign.
This timeline reveals a concerning pattern where malicious actors gained access to vulnerability details well before the broader security community became aware of the threat.
The chronological sequence of events demonstrates the sophistication of the threat landscape.
Initial exploitation began on June 23, followed by the public release of a proof-of-concept on July 4, and GreyNoise’s subsequent creation of a tracking tag on July 7.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE