Ransomware operators, including those linked to the Anubis operation, are leveraging the Citrix Bleed 2 vulnerability, identified as CVE-2025-5777, to gain initial access to targeted systems [1]. This exploit allows threat actors to utilize legitimate Remote Management and Monitoring tooling, facilitating credential access and hands-on-keyboard procedures for lateral movement. The use of supply chain credentials and Bring Your Own Vulnerable Device (BYOVD) tactics further expands the attack surface. Because the disclosure of CVE-2025-5777 broadens the potential attack surface, organizations must prioritize mitigation based on their exposure and evidence of exploitation. The exploitation of this vulnerability by ransomware groups underscores the importance of prompt patching and robust security measures to prevent initial access and subsequent lateral movement. For security practitioners, this development highlights the need for proactive vulnerability management to stay ahead of emerging threats.