CitrixBleed 2 Exploited Weeks Before Disclosure, Despite Vendor Denials
A critical Citrix NetScaler vulnerability (CVE-2025-5777) was actively exploited nearly two weeks before public proof-of-concept exploits were released, contradicting Citrix's initial claims of no attacks. Security researchers confirmed targeted exploitation from Chinese IPs, while the vendor was slow to acknowledge the threat and to provide critical mitigation guidance. The flaw allows session hijacking through memory leaks, and over 120 organizations have already been compromised.