From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks
Key Takeaways Since the start of 2026, Arctic Wolf has investigated Anubis ransomware intrusions involving both valid VPN credential use and exploitation of CitrixBleed 2 (CVE-2025-5777), expanding…
Read the full articleYou might also wanna read
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability
CitrixBleed 2 (CVE-2025-5777) 7 Steps to Dragonforce Ransomware
Between January and June 2026, multiple unrelated organizations experienced nearly identical intrusions following a standardized seven-step
Citrix Bleed 2 (CVE-2025-5777): cómo Anubis roba sesiones y esquiva el MFA antes de cifrar
El ransomware Anubis suma 91 víctimas explotando Citrix Bleed 2: filtra memoria de NetScaler, roba tokens de sesión y entra sin contraseña n

CitrixBleed 2: Swift Path to Ransomware Threat
CitrixBleed 2 flaw enables rapid ransomware attacks. Learn about preventive measures and potential risks.

WAF - WAF Release - 2025-07-21
This week's update spotlights several critical vulnerabilities across Citrix NetScaler Memory Disclosure, FTP servers and network applicatio
Early Exploitation of React2Shell Vulnerability (CVE-2025-55182) Targets Critical Infrastructure
Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and target

Comments
Sign in to join the conversation.
No comments yet. Be the first.