CP
cyberpings
Threat IntelHIGH

Threat Intel - FortiGate RaaS and Citrix Exploits Emerge

THThe Hacker News
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Ingested:
🎯

Basically, cybercriminals are using new tricks to exploit software flaws and steal data.

Quick Summary

This week's bulletin highlights emerging threats like FortiGate RaaS operations and Citrix exploits. Organizations are at risk as these vulnerabilities are actively targeted. Stay informed and strengthen your defenses against these evolving cyber threats.

The Threat

This week’s ThreatsDay Bulletin reveals a concerning trend in cybersecurity, with various threat actors exploiting vulnerabilities across multiple platforms. The Gentlemen Ransomware-as-a-Service (RaaS) group is particularly notable, leveraging a critical authentication bypass vulnerability (CVE-2024-55591) in FortiOS/FortiProxy. This group has successfully compromised around 14,700 FortiGate devices globally, targeting organizations since its emergence in mid-2025. Additionally, a new campaign is actively exploiting known flaws in Citrix NetScaler, with over 500 exploit attempts recorded recently, signaling a potential escalation in attacks.

Who's Behind It

The Gentlemen RaaS group, consisting of about 20 members, is at the forefront of these attacks. Their operations stemmed from a payment dispute within the cybercrime community, leading to their aggressive tactics. On the other hand, the Citrix vulnerabilities are being exploited by various actors, indicating a broader interest in targeting legacy systems. This trend is alarming as it reflects a shift towards exploiting older vulnerabilities that organizations may not have patched.

Tactics & Techniques

The tactics employed by these threat actors are varied and sophisticated. For instance, the Gentlemen use the bring your own vulnerable driver (BYOVD) technique to evade detection and maintain persistence on compromised devices. In the case of Citrix, the exploitation of CVE-2025-5777 and CVE-2023-4966 shows a clear intent to leverage known weaknesses in widely used systems. Moreover, phishing campaigns impersonating IT staff via platforms like Microsoft Teams are on the rise, exploiting the trust users have in internal communications to gain unauthorized access.

Defensive Measures

Organizations must adopt a proactive approach to mitigate these threats. Regularly updating and patching systems is crucial, especially for those using FortiGate and Citrix products. Implementing multi-factor authentication (MFA) can add an extra layer of security, particularly against phishing attempts. Additionally, raising awareness among employees about the risks of social engineering can help prevent successful attacks. Cybersecurity teams should also monitor for unusual activities and prepare incident response plans to address potential breaches swiftly.

🔒 Pro insight: The uptick in exploitation of legacy vulnerabilities underscores the need for organizations to prioritize patch management and threat monitoring.

Original article from

THThe Hacker News
Read Full Article

Share

Related Pings

MEDIUMThreat Intel

Researchers Roast Cybercriminals to Diminish Their Glamour

Researchers are roasting cybercriminals to diminish their glamor. This humorous approach aims to expose their failures and fracture trust within criminal networks. It's a fresh take on cybersecurity, focusing on education and awareness.

The Register Security·
HIGHThreat Intel

Node.js Maintainers Targeted - Sophisticated Social Engineering Scheme

A coordinated social engineering scheme is targeting Node.js developers, risking the integrity of widely used software packages. This alarming trend highlights the need for vigilance in the open-source community.

Cyber Security News·
HIGHThreat Intel

Transparent Tribe Targets India's Startup Ecosystem - New Threat

Acronis reveals that Transparent Tribe is now targeting India's startup sector, especially cybersecurity firms. This shift raises concerns about espionage and data security risks. Startups must bolster their defenses against these sophisticated attacks.

CyberWire Daily·
HIGHThreat Intel

Gaming Industry - High-Stakes Cybersecurity Threats Explained

Cybercriminals are increasingly targeting the gaming industry, driven by financial transactions and sensitive data. As casinos go digital, understanding these threats is vital for operators to safeguard their assets.

Cyber Security News·
HIGHThreat Intel

China-Linked TA416 Targets European Governments with Phishing

TA416, a China-aligned threat actor, is targeting European governments with sophisticated phishing campaigns using PlugX malware. This poses significant risks to diplomatic security. Stay informed to safeguard your organization.

The Hacker News·
HIGHThreat Intel

Spear-Phishing Campaign Neutralizes MFA for Executives

A new spear-phishing campaign is targeting senior executives, neutralizing MFA protections. This poses serious risks to corporate security. Organizations must enhance their defenses against such sophisticated threats.

SC Media·