- A legitimate red-team tool called Hexstrike-AI is drawing the attention of the wrong crowd
- Researchers are seeing "chatter" about the tool being used to exploit known Citrix flaws
- The patching window for system administrators continues to shrink
Cybercriminals are using a legitimate red-team tool to automate the exploitation of n-day vulnerabilities, cutting the time companies have to patch flaws from days to literal minutes.
Security researchers at Check Point Research said they observed "chatter" on the dark web about a tool called Hexstrike-AI, an open-source offensive security framework that connects large language models such as GPT, Claude and Copilot to cybersecurity tools through the Model Context Protocol (MCP). It provides access to more than 150 tools for penetration testing, bug bounty automation and vulnerability research, using multiple AI agents to manage workflows, analyze data and execute scanning, exploitation or reporting tasks.
It is driven by an "intelligent decision engine" that selects and runs tools based on the target environment, and it supports network analysis, web application testing, cloud security checks, reverse engineering and OSINT.
Citrix in the crosshairs
Check Point Research says that hackers are sharing information on how to deploy Hexstrike-AI to exploit CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, three recently disclosed vulnerabilities in Citrix NetScaler ADC and Gateway instances.
The tool reportedly helped them achieve unauthenticated remote code execution, which in turn allowed them to drop webshells and maintain persistence.
While this chatter is not sufficient evidence of abuse, if confirmed, it would mean that exploitation time can be cut from several days to a few minutes, leaving system administrators with an already small patching window and even less time before attacks begin.
"CVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days," CPR warned.
With this level of automation, keeping software up to date without a patch management platform will likely be impossible.
Via BleepingComputer