INC Ransomware is actively exploiting two Citrix NetScaler ADC/Gateway vulnerabilities — CVE-2023-3519 (unauthenticated RCE, CVSS 9.8) and CVE-2025-5777 — as primary initial access vectors in campaigns targeting healthcare, manufacturing, and legal organizations. Both vulnerabilities affect internet-facing NetScaler appliances and provide unauthenticated code execution, making unpatched perimeter appliances an immediate entry point for ransomware deployment.