Tag: citrix
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
Chinesische APT nutzt CitrixDay – Salt Typhoon: Systematischer und verdeckter Angriff
First seen on security-insider.de Jump to article: www.security-insider.de/salt-typhoon-systematischer-und-verdeckter-angriff-a-ce0e527281b7bb9a75b4623a5d628bb0/
-
Breach Roundup: Feds Confirm ‘Major’ Hack of FBI System
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key Activity. This week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-feds-confirm-major-hack-fbi-system-a-31329
-
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk. First seen on therecord.media Jump to article: therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
-
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities,…
-
Rund 30.000 Instanzen am Netz: Citrix-Systeme werden attackiert
Eine kritische Sicherheitslücke gefährdet unzählige Citrix-Netscaler-Instanzen. Angreifer nutzen sie bereits aus. Es droht eine vollständige Kompromittierung. First seen on golem.de Jump to article: www.golem.de/news/rund-30-000-instanzen-am-netz-citrix-systeme-werden-attackiert-2603-207086.html
-
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-citrix-flaw-by-thursday/
-
Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks/
-
Under Fire: Attackers Target Flaws in F5 and Citrix Gear
F5 Revises Severity of Flaw Disclosed Last Year. Flaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a memory overread flaw in NetScaler Application Delivery Controller. First seen on govinfosecurity.com Jump…
-
Citrix NetScaler products confirmed to be under exploitation
Security researchers at watchTowr warn that multiple flaws are involved in the early stages of a hacking spree that could rival the 2023 CitrixBleed campaign. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/citrix-netscaler-exploitation-vulnerabilities/816097/
-
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat
Researchers say attackers are already looting vulnerable boxes First seen on theregister.com Jump to article: www.theregister.com/2026/03/30/citrix_netscaler_flaw/
-
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-citrix-netscaler/
-
Hackers Probe Citrix NetScaler Systems Ahead of Suspected CVE-2026-3055 Exploitation
Tags: citrix, cve, cyber, cyberattack, cybersecurity, data-breach, exploit, flaw, hacker, intelligence, threat, vulnerabilityCybersecurity researchers are warning organizations about imminent cyberattacks targeting a newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firms watchTowr and Defused Cyber have uncovered active reconnaissance campaigns targeting CVE-2026-3055, a severe flaw that allows attackers to steal sensitive data. With hackers actively scanning for exposed systems, organizations are urged…
-
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical vulnerability, tracked as CVE-2026-3055 (CVSS score of 9.3), in Citrix NetScaler ADC and Gateway is already being actively probed by attackers. This week, Citrix issued security updates for two NetScaler vulnerabilities, including the critical memory…
-
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr.The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information.Per First seen on thehackernews.com…
-
Critical Citrix NetScaler Flaw Draws CitrixBleed Comparisons as Exploitation Window Narrows
A critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway is drawing urgent warnings from the security community, with experts cautioning that exploitation could be imminent and that the ghost of CitrixBleed looms large over the disclosure. Tracked as CVE-2026-3055 with a CVSS score of 9.3, the flaw is an out-of-bounds read issue affecting NetScaler…
-
Critical flaw in Citrix NetScaler raises fears of new exploitation wave
Researchers warn that security teams need to take immediate mitigation steps before a public proof of concept is released. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-in-citrix-netscaler-raises-fears-of-new-exploitation-wave/815832/
-
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
CSO in an email, because the hole allows an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.”This vulnerability is one that threat actors and researchers alike are paying attention to,” he said.The vulnerability carries similar ramifications to 2023’s CitrixBleed and 2025’s CitrixBleed2 memory leak vulnerabilities, Emmons added. Then, unauthenticated attackers with…
-
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/
-
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance’s memory First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/citrix-patch-netscaler/
-
Citrix NetScaler critical flaw could leak data, update now
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data. The flaw CVE-2026-3055 is an insufficient…
-
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/netscaler-adc-gateway-cve-2026-3055/
-
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.The vulnerabilities are listed below -CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overreadCVE-2026-4368 (CVSS score: 7.7) – Race condition leading to user…
-
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do.Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little…
-
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do.Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little…
-
GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS
GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure…
-
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to map login panels and enumerate software versions, a clear indicator of pre-exploitation preparation. The scanning activity generated 111,834 sessions from more than 63,000 unique IP addresses, with 79% of traffic specifically…
-
Wave of Citrix NetScaler scans use thousands of residential proxies
A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wave-of-citrix-netscaler-scans-use-thousands-of-residential-proxies/
-
Comcast to Pay $117M in Security Breach Settlement
The breach was linked to a vulnerability known as “CitrixBleed,” a flaw affecting Citrix NetScaler Application Delivery Controller and Gateway appliances. The post Comcast to Pay $117M in Security Breach Settlement appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-comcast-security-breach-settlement/
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…