Threat actors associated with the Anubis ransomware operation
have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777)
vulnerability to obtain initial access. "Although tactics differ
between affiliates, common patterns emerged in tradecraft through
use of legitimate Remote Management and Monitoring (RMM) tooling,
credential access, and hands-on-keyboard procedures used for
lateral
Read more https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html

