A new offensive security framework named HexStrike-AI is being actively used by hackers to quickly weaponize recently disclosed security flaws. According to CheckPoint Research, threat actors are leveraging this AI-driven tool to exploit Citrix vulnerabilities, including CVE-2025-7775, shortly after their disclosure. Although originally designed as a legitimate penetration testing aid, its open-source availability has attracted malicious use.
HexStrike-AI integrates artificial intelligence agents to automate numerous cybersecurity tools, enabling sophisticated attack chains with minimal human intervention. Its capabilities include scanning for vulnerable systems, crafting exploits, and deploying payloads like webshells. This automation significantly compresses the time between a vulnerability's disclosure and its active exploitation—potentially reducing it from days to mere minutes.
As a result, defenders face an even narrower window to apply patches. Despite a recent decrease, thousands of systems remain exposed to these Citrix flaws. Security experts advise bolstering threat intelligence, adopting AI-enhanced defenses, and implementing adaptive detection mechanisms to counter this evolving threat.
Read more...