New AI-powered HexStrike tool is being used to target multiple Citrix security flaws

Tech
2



  • A legitimate red teaming tool called HexStrike-AI is drawing the attention of the wrong crowd
  • Researchers are seeing “chatter” about the tool being leveraged to exploit known Citrix flaws
  • The patching window for system administrators keeps shrinking

Cybercriminals are using a legitimate red teaming tool to automate the exploitation of n-day vulnerabilities, reducing the time businesses have to fix flaws from days to literal minutes.

Security experts at Check Point Research said they observed “chatter” around the dark web of a tool called HexStrike-AI, an open source offensive security framework that connects large language models such as GPT, Claude, and Copilot with cybersecurity tools through the Model Context Protocol. It provides access to more than 150 tools for penetration testing, bug bounty automation, and vulnerability research, using multiple AI agents to manage workflows, analyze data, and run scanning, exploitation, or reporting tasks.

https://cdn.mos.cms.futurecdn.net/jt92kXfBXVXUWwnKBmDJLn.jpg



Source link

Montather Rassoul
Montather Rassoulhttps://thefifthskill.com/

Latest articles

spot_imgspot_img
Previous article
Most companies are now fully AI-ready – but some worry they’re relying on it too much
Next article
Seagate’s Barracuda 24TB hard drive is the cheapest per TB right now, so act fast if you want one

Related articles

spot_imgspot_img