Overview
- Check Point reports dark-web posts claiming HexStrike-AI is being used to target three newly disclosed Citrix NetScaler vulnerabilities (CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424) within hours of disclosure.
- Citrix confirmed that CVE-2025-7775 was already being exploited in the wild after its August 26 disclosure, while Shadowserver counted about 8,000 exposed endpoints as of September 2, down from roughly 28,000 the prior week.
- The open-source framework integrates 150+ security tools and AI agents with orchestration and automatic retry logic. It can automate scanning, assist with exploit crafting, deliver payloads, and maintain persistence, potentially cutting attack execution time from days to minutes.
- Forum claims describe unauthenticated remote code execution via CVE-2025-7775, webshell deployment, and offers to sell access to compromised appliances, though Check Point and others note direct proof tying attacks to HexStrike-AI remains limited.
- Creator Muhammad Osama says the project is intended for defenders and ships without prebuilt zero-day exploits, while researchers urge urgent patching, adaptive detection, AI-aware defenses, and dark-web monitoring.