Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Ransomware gangs have started exploiting Citrix vulnerabilities, BYOVD (Bring Your Own Vulnerable Dependency), and supply chain credentials, leaving businesses scrambling to patch their defenses. This worrying trend highlights the evolving tactics of cybercriminals and underscores the need for organizations to remain vigilant against emerging threats.

Citrix Bleed 2 is a highly critical vulnerability that affects Citrix ADC and Gateway systems. It allows attackers to execute arbitrary code on the affected devices, effectively giving them remote access to sensitive data and infrastructure. Ransomware groups have been actively exploiting this flaw to gain unauthorized entry into victim organizations’ networks. The same vulnerabilities are also being used in BYOVD attacks, where malicious dependencies are embedded within legitimate software packages.

The exploitation of supply chain credentials is a more sophisticated tactic, known as “chain-of-trust” attacks. In these scenarios, attackers compromise third-party vendors or contractors who have access to sensitive information, then use this data to gain further entry into an organization’s network. This type of attack can be particularly devastating because it relies on exploiting vulnerabilities in the supply chain.

Ransomware gangs are turning to these tactics because traditional phishing and brute-force attacks have become increasingly ineffective against modern security defenses. By targeting software vulnerabilities, attackers can bypass many layers of protection and gain direct access to sensitive data. This trend underlines the importance of prioritizing vulnerability management and keeping up with regular patch updates.

In light of this threat landscape, it’s crucial for organizations to adopt proactive measures to prevent exploitation. These include implementing a robust vulnerability scanning program, regularly updating software packages, and closely monitoring network activity for signs of suspicious behavior. Moreover, businesses must maintain secure relationships with their third-party vendors and contractors, including conducting thorough background checks and continuously reviewing access controls.

Ultimately, the emergence of AI-driven vulnerability discovery has put additional pressure on organizations to stay one step ahead of cyber threats. By understanding the tactics being employed by ransomware gangs and taking steps to shore up defenses, businesses can minimize their exposure to these types of attacks.


Source: The Hacker News — 2026-07-02