Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware.

"This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure – the systems enterprises rely on to enforce security policies and manage authentication across their networks," CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News.

The attacks were flagged by its MadPot honeypot network, with the activity weaponizing the following two vulnerabilities -

CVE-2025-5777 or Citrix Bleed 2 (CVSS score: 9.3) - An insufficient

See Full Page