September 3, 2025 By Bill Toulas
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws.
This activity is reported by CheckPoint Research, which observed significant chatter on the dark web around HexStrike-AI, associated with the rapid weaponization of newly disclosed Citrix vulnerabilities, including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.
According to ShadowServer Foundation's data, nearly 8,000 endpoints remain vulnerable to CVE-2025-7775 as of September 2, 2025, down from 28,000 the previous week.
Power in the wrong hands
HexStrike-AI is a legitimate red teaming tool created by cybersecurity researcher Muhammad Osama, which enables the integration of AI agents to autonomously run over 150 cybersecurity tools for automated penetration testing and vulnerability discovery.
"HexStrike AI operates with human-in-the-loop interaction through external LLMs via MCP, creating a continuous cycle of prompts, analysis, execution, and feedback," reads its creator's description.
