Amazon Uncovers Attacks Exploiting Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html

ONE SENTENCE SUMMARY:

Advanced threat actors exploited zero-day vulnerabilities in Cisco and Citrix products to deploy custom malware, highlighting critical security challenges.

MAIN POINTS:

  1. Amazon's team discovered advanced threat actors exploiting what were then zero-day flaws in Cisco and Citrix products.
  2. The attacks targeted identity and network access control infrastructure that is crucial to enterprise security.
  3. CVE-2025-5777 in Citrix NetScaler allows attackers to bypass authentication; it was fixed in June 2025.
  4. CVE-2025-20337 in Cisco ISE enables remote code execution as root; it was fixed in July 2025.
  5. Successful exploitation was followed by the deployment of custom malware disguised as a legitimate Cisco ISE component.
  6. The malware operates in memory and uses evasion techniques such as Java reflection and DES encryption to avoid detection.
  7. The attackers appeared well resourced, leveraging advanced exploits and bespoke tooling.
  8. Threat actors continue to target network edge appliances as a way into enterprise networks.
  9. Limiting access to privileged management portals is emphasized as a key defense against such attacks.
  10. Pre-authentication exploits demand comprehensive defense strategies capable of detecting unusual behavior.

TAKEAWAYS:

  1. Zero-day vulnerabilities pose significant risks to network security infrastructure.
  2. Custom-built malware of this kind reflects sophisticated knowledge of enterprise systems.
  3. Defense-in-depth strategies are essential for protecting against advanced threats.
  4. Layered security and limits on privileged access can reduce the risk of a breach.
  5. Proactive detection and behavior analysis are critical for identifying anomalies.