Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.”Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html
![]()

