Hackers exploited Citrix and Cisco flaws before disclosure.
Amazon reports that an advanced threat group exploited two critical zero-day vulnerabilities in Citrix and Cisco systems weeks before patches were released. The Citrix flaw, dubbed CitrixBleed 2, was patched in June but had already been targeted, while the Cisco Identity Services Engine bug allowed attackers to gain root access through a custom backdoor. The malware used advanced techniques to evade detection and manipulate Tomcat servers. Amazon believes the campaign was carried out by a highly resourced actor with access to unpublished vulnerability information.
Read more:
https://www.securityweek.com/cisco-ise-citrixbleed-2-vulnerabilities-exploited-as-zero-days-amazon/