Dutch NCSC Confirms Active Exploitation of Citrix NetScaler Zero‑Day (CVE-2025-6543)

Attackers have been actively exploiting a zero‑day in Citrix NetScaler (CVE‑2025‑6543) since at least May 2025, deploying stealthy web shells on exposed appliances and targeting critical organizations. Dutch NCSC guidance urges immediate patching, forced session termination, and targeted hunting for indicators such as anomalous .php files in system directories and suspicious high-privilege accounts.

Vulnerability Overview

CVE‑2025‑6543 affects Citrix NetScaler Gateway/ADC and was used as a zero‑day for roughly two months prior to public disclosure. The flaw enables unauthenticated attackers to gain remote access and persist via web shells on the appliance, facilitating lateral movement and credential theft.

Observed Attack Chain

• Initial access through the unauthenticated vulnerability on Internet-exposed NetScaler devices.
• Drop of web shells to maintain remote command execution and evade normal administrative oversight.
• Anti-forensics steps to remove traces, complicate incident timelines, and prolong dwell time.

Immediate Containment and Eradication

Admins should apply the latest Citrix updates, then forcibly terminate all active and persistent sessions to evict adversaries. Recommended commands include:

kill icaconnection -all
kill pcoipConnection -all
kill aaa session -all
kill rdp connection -all
clear lb persistentSessions

Follow with a full credential reset for accounts that authenticate through the appliance and invalidate any SSO tokens or cookies tied to prior sessions.

Threat Hunting Guidance

• Enumerate and diff appliance file systems for unexpected or recently modified .php files under NetScaler system paths.
• Review admin account listings and RBAC assignments for recently created or privilege-elevated users.
• Inspect web server logs for anomalous POST requests to administrative or utility endpoints and unusual User‑Agents.
• Correlate outbound connections from the appliance to unfamiliar IPs/domains; block and investigate C2 patterns.

Hardening and Monitoring

• Restrict management interfaces to a dedicated admin network or VPN with MFA.
• Enable configuration integrity monitoring and alert on unauthorized changes.
• Collect and centralize NetScaler logs to a SIEM; create detections for web shell artifact paths and suspicious process invocation.
• Implement egress filtering from appliances and enforce TLS inspection where appropriate to detect hidden C2.

Risk and Impact

Compromised NetScaler appliances can act as privileged gateways into internal networks, enabling data exfiltration and ransomware staging. Organizations in critical sectors should assume potential compromise if patches were delayed and execute a full scope incident response, including forensic imaging of appliances and credential hygiene across dependent identity systems.

Microsoft to Block Legacy File Open Protocols by Default in Microsoft 365; Inline SVG Support to Be Retired in Outlook

Starting with Microsoft 365 version 2508, legacy file open protocols such as FPRPC, FTP, and HTTP will be blocked by default to reduce attack surface from outdated handlers exploited in phishing and document-based attacks. Separately, Outlook for Web and the new Outlook for Windows will retire inline SVG rendering by September 2025, mitigating scriptable vector payload risks in email.

What’s Changing

• Default blocking of insecure file open protocols (e.g., FrontPage RPC, FTP, HTTP) in Microsoft 365 apps, configurable via new Trust Center settings.
• Removal of inline SVG rendering in Outlook surfaces, aligning with typical client restrictions to prevent SVG-based XSS and script injection.

Security Rationale

Attackers regularly abuse legacy URL schemes and protocol handlers to coerce clients into unsafe retrieval or execution paths. Disabling these by default curtails low-friction exploitation chains that rely on user interaction with office documents and embedded links. Inline SVG has historically provided a vector for script and data exfiltration within email contexts; its retirement reduces opportunities for content-based exploitation.

Enterprise Considerations

• Inventory dependencies on FPRPC/FTP/HTTP flows for content retrieval or legacy intranet workloads and migrate to modern, authenticated alternatives.
• Validate line-of-business add-ins and macros that might implicitly rely on blocked handlers; update to supported APIs or secure protocols (HTTPS with auth).
• Review email templates and marketing assets that embed SVG; convert to sanitized PNG/WebP to preserve rendering consistency post-change.

Recommended Actions

• Pilot Microsoft 365 v2508 in a test ring, enabling verbose logging to detect blocked protocol usage.
• Harden Office protocol handler policies via Group Policy/Intune and disable unneeded URL schemes across the fleet.
• Establish detections for attempts to invoke deprecated handlers through phishing or document lures.

Shadowserver: Nearly 30,000 Microsoft Exchange Servers Still Missing April 2025 Hotfix for CVE‑2025‑53786

Internet telemetry shows roughly 29,000 Microsoft Exchange instances remain unpatched for CVE‑2025‑53786, a vulnerability enabling escalation from on‑prem servers into cloud environments. Concentrations of exposure are observed in the U.S., Germany, Russia, France, the U.K., and Austria, underscoring persistent patch lags for business‑critical email infrastructure.

Vulnerability Impact

CVE‑2025‑53786 allows attackers to leverage on‑prem Exchange to gain broader access, potentially bridging to Microsoft 365 resources. Real‑world exploitation risks include mailbox takeover, data exfiltration, and identity pivoting via hybrid configurations.

Exposure Landscape

• ~29,000 publicly reachable Exchange servers are missing the April 2025 hotfix.
• Top exposure countries: United States, Germany, Russia, France, United Kingdom, Austria.

Mitigation Priorities

• Apply the April 2025 hotfix and any superseding cumulative updates immediately.
• Audit hybrid connectors and application impersonation rights for anomalous grants.
• Enable continuous patch compliance monitoring and mailbox auditing.
• Restrict Exchange Admin Center and PowerShell endpoints to administrative networks with MFA.

Detection and Response

• Hunt for unusual EWS, MAPI, and OAuth consent events originating from on‑prem IPs.
• Review token issuance and OAuth app registrations for suspicious owners or redirect URIs.
• Correlate mailbox rule creation, forwarding changes, and delegate assignments after admin sessions.

Trend Micro Apex One Management Console Command Injection Under Active Exploitation (CVE‑2025‑54948/54987)

Critical command injection flaws in Trend Micro Apex One Management Console are being actively exploited in the wild, enabling remote code execution on management servers. Organizations using Apex One on‑prem should prioritize emergency patching and external exposure reduction to prevent takeover of security tooling and fleet-wide compromise.

Technical Details

• Vulnerabilities allow attackers to submit crafted input to server-side components that are insufficiently sanitized, resulting in arbitrary command execution.
• Exploitation of an EDR/AV management plane can provide adversaries with high-impact capabilities, including policy tampering, agent uninstallation, and mass deployment of malware.

Attack Surface and Exposure

• Publicly exposed management consoles are at highest risk; internet scanning routinely identifies such panels.
• Credential reuse and weak SSO hardening can accelerate post-exploitation pivoting.

Mitigation and Hardening

• Apply vendor patches immediately and validate build numbers post-update.
• Remove internet exposure of management consoles; place behind VPN/ZTNA with MFA and IP allowlists.
• Enable command execution auditing on the host OS; forward logs to a SIEM.
• Review recent admin actions, policy changes, and agent deployment jobs for anomalies.

Detection Guidance

• Monitor web server logs for suspicious parameters and high-entropy payloads.
• Alert on shell spawns from web server processes and abnormal network egress from the console host.
• Validate integrity of agents and check for unauthorized binaries distributed via the console.

ECScape: Privilege Escalation Across Co‑Located Tasks in Amazon ECS on EC2

New research presented at Black Hat USA 2025 details ECScape, a privilege escalation technique in EC2‑backed Amazon ECS that lets a low‑privilege container exfiltrate IAM credentials from co‑located tasks via an undocumented WebSocket channel (Agent Communication Service) and interaction with the EC2 Instance Metadata Service.

Technique Overview

• Abuse of an internal WebSocket channel used by the ECS agent to communicate with tasks.
• Credential theft opportunities arise when tasks on the same host expose or can coerce access to credentials intended for other tasks.
• IMDS and task role assumptions become a pivot point for escalating privileges beyond the intended task boundary.

Affected Environments

• ECS on EC2 with multiple tasks per host and permissive task-to-agent communications.
• Clusters with mixed trust levels or multitenant co-location on a single EC2 instance.

Mitigations

• Prefer Fargate or enforce strict task isolation on EC2 hosts; avoid co-locating mixed-trust tasks.
• Harden task IAM roles with least privilege and short-lived credentials; enable IMDSv2 and hop‑limit protections.
• Network-segment task communications; restrict access to ECS agent channels and metadata endpoints.
• Instrument detection for anomalous access to other tasks’ credentials and unexpected STS calls.

Detection Opportunities

• CloudTrail for unusual AssumeRole and GetCallerIdentity patterns from container IPs.
• VPC flow logs for cross-task traffic to agent ports and IMDS.
• Container runtime telemetry for WebSocket connections and file system artifacts indicative of credential harvesting.

AgentFlayer: Zero‑ and One‑Click Prompt Injection Exploits Against AI Agents

Zenity researchers demonstrated AgentFlayer, a set of prompt injection techniques that compromise popular AI agent platforms (e.g., ChatGPT-based agents, Microsoft Copilot Studio, Cursor) to silently exfiltrate secrets, internal documents, and conversation history, in some cases with zero user interaction.

Attack Mechanics

• Malicious content embedded in data sources or webpages triggers model‑followed instructions that override guardrails.
• Zero-click scenarios arise when agents autonomously browse or ingest untrusted content during task execution.
• Payloads can harvest API keys, cookies, and OAuth tokens, and instruct agents to leak or stage data to attacker infrastructure.

Targets and Impact

• Developer assistants, RPA-like AI workflows, and enterprise copilots integrated with sensitive systems.
• Compromise can lead to data loss, account takeover, and persistence via modified agent configurations or memories.

Defensive Measures

• Content provenance and trust policies for agent browsing/ingestion; sandbox untrusted sources.
• Output filtering and instruction-collision detection with policy-backed allow/deny lists.
• Secret handling hygiene: ephemeral tokens, scoped keys, and strict egress controls from agent environments.
• Audit trails for agent actions; alert on unusual connector activity and data egress.

SharePoint Exploitation Campaign: New Malware Analysis and Evolving TTPs

Ongoing exploitation of multiple SharePoint vulnerabilities prompted updated guidance and a malware analysis report detailing web shells, ransomware deployment, and shifting attacker TTPs. Defenders are advised to apply vendor fixes, harden IIS, and enhance EDR coverage specific to SharePoint front‑ends.

Campaign Details

• Attackers leverage a cluster of SharePoint flaws to drop web shells and stage ransomware.
• New malware families and loader components have been analyzed, with expanded detection guidance for blue teams.
• Recommendations emphasize antivirus/EDR configuration nuances and IIS mitigations tailored to SharePoint roles.

Defender Actions

• Apply latest SharePoint patches covering the enumerated CVEs and restart services.
• Scan for known web shell paths and anomalous .aspx/.ashx files with recent timestamps.
• Enable command-line auditing on SharePoint servers and monitor for suspicious archival, compression, and lateral movement tools.
• Review service accounts, application pools, and constrained delegation for privilege creep.

Bouygues Telecom Discloses Data Exposure Impacting 6.4 Million Customers

Bouygues Telecom confirmed unauthorized access to customer datasets containing contact details, contract information, and IBANs for approximately 6.4 million customers, while stating that passwords and card numbers were not affected. The incident elevates risks of targeted fraud and regulatory scrutiny around financial data protection.

Data Types Exposed

• Contact and contract metadata tied to customer accounts.
• Bank IBAN information, raising potential for mandate fraud or social engineering.

Risk Considerations

• Fraudsters may combine IBANs with identity data to initiate unauthorized SEPA mandates or payment scams.
• Customers may face increased phishing leveraging accurate account context.

Recommended Customer Protections

• Monitor bank statements for unauthorized mandates; enable bank alerts.
• Use official channels to verify any requests involving contracts or banking changes.
• Report suspicious communications referencing Bouygues account details.

Enterprise Lessons

• Encrypt banking identifiers at rest and enforce strict access controls and robust audit trails.
• Implement data minimization and tokenization where business flows permit.