Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.
NEW YORK, NEW YORK – MARCH 18: In this photo illustration, Gemini Ai is seen on an iPad on March 18, 2024 in New York City. Apple announced that they’re exploring a partnership with Google to license the Gemini AI-powered features on iPhones with iOS updates later this year. Google already has a deal in place with Apple to be the preferred search engine provider on iPhones for the Safari browser. (Photo Illustration by Michael M. Santiago/Getty Images)
The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.
Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.