If you’ve detected exploitation of CitrixBleed 2 aka CVE-2025-5777 I’d be interested to hear - Signal GossiTheDog.1337, obviously I won’t publish details.

I’ve already had one contact, which is an incident with a ransomware group initial access - I’d be interested to help people compare notes on IP addresses and such so there’s a common understanding of level of activity and scale of threat.