HIGH Ransomware
Global

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Source: The Hacker News

Executive Summary

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral

Indicators of Compromise (1)

CVE (1)
CVE-2025-5777

Source Attribution

Originally published by The Hacker News on Jul 2, 2026.
