Citrix patches critical zero-day, two other flaws

Laura FrenchAugust 27, 2025

CVE-2025-7775 is the third Citrix flaw added to the KEV catalog in two days.

RESOURCES

Exposure management
How vulnerability management evolves into exposure management
AI/ML
AI agents need both tougher standards and stricter identity controls
Exposure management
How unified exposure management breaks down cybersecurity silos for greater efficiency
AI/ML
The future of software engineering in the age of AI
Identity
Best practices for streamlining and strengthening user access reviews

PODCASTS

Leadership
vCISO Benefits as the CISO Becomes Strategic and the Board’s Responsible for Security – Brian Haugli – BSW #410
Vulnerability Management
Naughty RBG, Docker, RDP, SBOMS, Kullback-Leibler, Oneflip, Youtube, Josh Marpet… – SWN #506
Application security
Translating Security Regulations into Secure Projects – Emily Fox, Roman Zhukov – ASW #345
Identity
Oktane Preview with Harish Peri, Invisible Prompt Attacks, and the weekly news! – Harish Peri – ESW #421
Vulnerability Management
Humans extinct: 2040, Okta, Elastic, Bad Bots, Berserk Bear, Siemens, Aaran Leyland.. – SWN #505

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Citrix sign on its office building in Fort Lauderdale, Florida, USA, an American cloud computing and virtualization technology company.

Vulnerability Management

Two Citrix bugs, Git repo flaw added to exploited vulnerabilities list

Steve ZurierAugust 26, 2025

While not critical, CISA added the Citrix and Git bugs to its list based on evidence of active exploitation.

ScreenConnect super admins targeted in spearphishing campaign

Laura FrenchAugust 26, 2025

Attackers use the EvilGinx framework to harvest credentials and MFA tokens.

Application security

AI summaries weaponized for malware delivery via ClickFix prompt injection

Laura FrenchAugust 26, 2025

Hidden text can fool AI summarizers into presenting ClickFix instructions to users.

Malicious Go package removed from GitHub, but credential threat persists

Steve ZurierAugust 26, 2025

Go module works as advertised as a brute-force tool while secretly exfiltrating credentials.

Security Operations

Cephalus ransomware abuses SentinelOne executable for DLL sideloading

Laura FrenchAugust 25, 2025

The emerging ransomware group makes initial access through RDP via compromised accounts.

Digital warning signs: A digital landscape, with warning signs on the screen, which depicts an alert or error.

Network Security

Global phishing campaign lures victims to release UpCryptor malware

Steve ZurierAugust 25, 2025

UpCrypter malware deploys various RATs, including PureHVNC, DCRat, and Babylon RAT.

Application security

CISA releases draft changes to SBOM minimum requirements for comment

Laura FrenchAugust 22, 2025

The draft guide makes several major changes and additions to the version published in 2021.

Malvertising campaign targets 300 companies with Atomic macOS Stealer

Steve ZurierAugust 22, 2025

Targeted social engineering campaign by Shamos once again shows how human beings are an enterprise’s weakest link.

EVENTS