- A legitimate red team tool called HexStrike-AI is attracting the attention of criminals
- Researchers see “chatter” about using the tool to exploit known Citrix flaws
- The patching window for system administrators continues to shrink
Cybercriminals are using a legitimate red team tool to automate the exploitation of n-day vulnerabilities, cutting the time companies have to patch the flaws from days to literal minutes.
Security researchers at Check Point Research said they observed dark web “chatter” about a tool called HexStrike-AI, an open source offensive security framework that connects large language models such as GPT, Claude and Copilot to cybersecurity tools via the Model Context Protocol (MCP). It provides access to more than 150 tools for penetration testing, bug bounty automation and vulnerability research, using multiple AI agents to manage workflows, analyze data and run scanning, exploitation or reporting tasks.
It is powered by an “intelligent decision-making engine” that selects and runs tools based on the target environment, and supports network analysis, web application testing, cloud security checks, reverse engineering, and more.
Citrix under the spotlight
Check Point Research says hackers are sharing information on how to deploy HexStrike-AI to exploit CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, three recently disclosed vulnerabilities in Citrix NetScaler ADC and Gateway instances.
The tool reportedly helped them achieve unauthenticated remote code execution, which in turn allowed them to drop webshells and maintain persistence.
Although this chatter is not sufficient evidence of abuse, if confirmed, it would mean that exploitation time can be cut from several days to a few minutes, leaving system administrators, whose patching window is already small, with even less time before attacks begin.
“CVE-2025-7775 is already being exploited in the wild, and with HexStrike-AI, the volume of attacks will only increase in the coming days,” CPR warned.
With this level of automation, keeping software updated without a patch management platform will probably be impossible.
Via BleepingComputer