The Amazon CISO has confirmed a hacker used two zero-day exploits concurrently in advanced persistent attacks — what you need to know.
Any mention of Amazon in an exploit story is bound to get the pulse racing. But you can relax, as this isn’t another. So, what then are the CVE-2025-5777 and CVE-2025-20337 zero-day vulnerabilities used in hack attacks by an “advanced threat actor” that the Amazon Threat Intelligence team has newly confirmed? Here’s everything you need to know.
are worth getting unduly excited about. Some, such as the CVE-2025-5777 and CVE-2025-20337 zero-days that Amazon has confirmed were used simultaneously in an attempt to access critical identity and network access control infrastructure, however, are a different kettle of pre-authentication attack concern.

of an advanced persistent attacker using two separate and previously undisclosed zero-day vulnerabilities in an exploit campaign against those systems used by enterprises to enforce their security policies and manage authentication.

The hacking campaign was caught by the Amazon MadPot honeypot, a decoy network designed purely to lure unsuspecting attackers into thinking they are hard enough and clever enough to succeed, which detected “exploitation attempts for the Citrix Bleed Two vulnerability prior to public disclosure,” Moses said. Analysis by the Amazon security boffins further identified “an anomalous payload targeting a previously undocumented endpoint in Cisco ISE that used vulnerable deserialization logic.” That was, it turned out, another zero-day. CVE-2025-20337 enabled attackers to get pre-authentication remote code execution on Cisco ISE deployments, and as a result, administrator access to compromised systems. “What made this discovery particularly concerning,” Moses warned, “was that exploitation was occurring in the wild before Cisco had assigned a CVE number or released comprehensive patches across all affected branches of Cisco ISE.”

Moses said that security teams should use this information as “a reminder that critical infrastructure components like identity management systems and remote access gateways remain prime targets for threat actors.” Amazon recommends limiting access, through firewalls or layered access, to privileged security appliance endpoints such as management portals. You can find out more about the zero-days and patches directly from
