Amazon's threat intelligence team uncovered sophisticated attacks exploiting zero-day vulnerabilities in Cisco ISE and Citrix NetScaler products, deploying custom malware to compromise enterprise networks. The campaigns highlight the importance of layered security and vigilant monitoring of critical identity and network access control systems. #CVE-2025-5777 #CVE-2025-20337
Key points
- Threat actors exploited two critical zero-day vulnerabilities in Cisco ISE and Citrix NetScaler products.
- The attacks involved deploying a custom web shell designed to evade detection and operate in memory.
- The web shell used advanced techniques like Java reflection and DES encryption to remain stealthy.
- Amazon's detection was triggered through its honeypot network, revealing sophisticated exploitation methods.
- Organizations are advised to strengthen access controls and deploy comprehensive defense strategies.
Read More: https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html