Ransomware operators continue to refine their attack methods and adopt more sophisticated techniques to breach organizational defenses. Recent intelligence indicates that threat actors, particularly affiliates of the Anubis ransomware operation, have been using multiple attack vectors, including the Citrix Bleed 2 vulnerability, Bring Your Own Vulnerable Driver (BYOVD) attacks, and compromised supply chain credentials, to gain initial access and escalate privileges within targeted networks.

Security researchers have observed Anubis affiliates actively exploiting Citrix Bleed 2 (CVE-2025-5777),