- A legitimate red teaming tool called HexStrike-AI is drawing the wrong audience
- Researchers see “chatter” about the tool being geared toward exploiting known Citrix flaws
- The patching window for system administrators is about to shrink
Cybercriminals are using a legitimate red teaming tool to automate the exploitation of n-day vulnerabilities, cutting the time companies have to fix flaws from days to literal minutes.
Security experts at Check Point Research said they observed “chatter” on the dark web about a tool called HexStrike-AI, an open-source offensive security framework that connects large language models such as GPT, Claude and Copilot with cybersecurity tools through the Model Context Protocol (MCP). It provides access to more than 150 penetration testing tools, bug bounty automation and vulnerability research, using multiple AI agents to manage workflows, analyze data and run scanning, exploitation or reporting tasks.
It is powered by an “intelligent decision engine” that selects and runs tools based on the target environment, and supports network analysis, web application testing, cloud security checks, reverse engineering and OSINT.
Citrix in the limelight
Check Point Research says hackers are sharing information on how to use HexStrike-AI to exploit CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, three recently discovered vulnerabilities in Citrix NetScaler ADC and Gateway appliances.
The tool allegedly helped them achieve unauthorized remote code execution, which in turn allowed them to drop webshells and maintain persistence.
While this chatter alone is not sufficient evidence of abuse, if confirmed it would mean that exploitation time can be cut from several days to a few minutes, leaving system administrators, who already have a small patching window, with even less time before attacks begin.
“CVE-2025-7775 is already exploited in the wild, and with HexStrike-AI, the volume of attacks will only rise in the coming days,” warned CPR.
With this level of automation, keeping software up to date without a patch management platform is likely to become impossible.
Via BleepingComputer