
"Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check Point cybersecurity evangelist Amit Weigman. The AI tool, and its near-instantaneous adoption by cybercriminals, signal 'the window between disclosure and mass exploitation shrinks dramatically,' Weigman wrote in a Tuesday blog. CVE-2025-7775, a critical, pre-auth remote code execution bug, was abused as a zero-day to drop webshells and backdoor appliances before Citrix issued a patch."
"'And with HexStrike AI, the volume of attacks will only increase in the coming days,' Weigman warned. HexStrike AI is an AI-powered penetration testing framework developed by security researcher Muhammad Osama and released on GitHub several weeks ago. The offensive security utility integrates with more than 150 security tools to perform network reconnaissance and scanning, web application security testing, reverse engineering and a slew of other tasks."
"The GitHub repository warns that HexStrike AI shouldn't be used for unauthorized system testing, illegal or harmful activities, or data theft. However, shortly after its release, criminals - as they are wont to do with any type of legitimate pen-testing tool - began discussing HexStrike AI in the context of the Citrix security holes, according to Check Point. 'Exploiting these vulnerabilities is non-trivial,' Weigman wrote."
Attackers on underground forums claimed to be using HexStrike AI against Citrix NetScaler vulnerabilities within hours of disclosure. CVE-2025-7775, a critical pre-auth remote code execution flaw, was exploited as a zero-day to drop webshells and backdoor appliances before a patch was available. HexStrike AI integrates with over 150 security tools and connects to more than a dozen AI agents to automate reconnaissance, vulnerability scanning, exploit development, and attack-chain discovery. The GitHub repository cautions against unauthorized or harmful use, yet criminals began discussing HexStrike AI in the context of the Citrix security holes shortly after its release. Exploiting NetScaler requires knowledge of memory operations, authentication bypasses, and architecture.
Read at The Register