Tag: citrix
-
Citrix warns of exploitation of Netscaler devices through new bugs
Citrix is sounding the alarm about vulnerabilities affecting Netscaler products that security researchers say are reminiscent of the widely exploited “Citrix Bleed” bug. First seen on therecord.media Jump to article: therecord.media/citrix-warns-netscaler-exploitation-bug
-
Citrix warns of NetScaler vulnerability exploited in DoS attacks
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/citrix-warns-of-netscaler-vulnerability-exploited-in-dos-attacks/
-
Latest Citrix vulnerability could be every bit as bad as Citrix Bleed
A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023 First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626545/Latest-Citrix-vuln-could-be-every-bit-as-bad-as-Citrix-Bleed
-
Critical vulnerability in Citrix Netscaler raises specter of exploitation wave
Threat researchers warn the flaw could open up a flood of attacks that rival the 2023 CitrixBleed crisis.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-vulnerability-citrix-netscaler/751617/
-
New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed “CitrixBleed 2,” after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/
-
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild.The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.It has been described as a case of memory overflow that could result in unintended control flow and…
-
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January First…
-
Citrix Bleed Teil 2: Schwachstelle CVE-20255777 weitet sich aus
Ist jemand unter der Leserschaft für Citrix NetScaler ADC und das NetScaler Gateway als Administrator verantwortlich. Die Tage hatte ich über gravierende Schwachstellen berichtet, die zeitnah geschlossen werden sollten. Nun hat Citrix die Beschreibung von CVE-20255777 geändert, die Sicherheitslücke (CVSS … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/25/citrix-bleed-teil-2-schwachstelle-cve-2025-5777-weitet-sich-aus/
-
Citrix Patches Critical Vulns in NetScaler ADC and Gateway
Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/citrix-patches-vulns-netscaler-adc-gateway
-
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/critical-citrix-netscaler-bug-fixed-upgrade-asap-cve-2025-5777/
-
Citrix NetScaler ADC Gateway Flaws Expose Sensitive Data to Hackers
Two critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively. Summary…
-
Citrix NetScaler ADC Gateway Flaws Expose Sensitive Data to Hackers
Two critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively. Summary…
-
XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
Citrix has issued a high-severity security bulletin addressing multiple vulnerabilities”, CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464″, affecting XenServer VM Tools for Windows. These vulnerabilities allow attackers with the ability to execute arbitrary unprivileged code within a guest Windows VM to escalate privileges and compromise that VM. The affected platforms include Windows VMs running on XenServer 8.4 and…
-
Salesforce and Citrix Parent Renew Bidding War for Informatica
Tags: citrixFirst seen on scworld.com Jump to article: www.scworld.com/brief/salesforce-and-citrix-parent-renew-bidding-war-for-informatica
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-dayTrade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies.”Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Die 10 häufigsten IT-Sicherheitsfehler
Von ungepatchten Sicherheitslücken bis hin zu unzureichenden Backups: Lesen Sie, wie sich die häufigsten IT-Sicherheitsfehler vermeiden lassen. Verschlüsselte Dateien und eine Textdatei mit einer Erpresser-Nachricht zeigen klar und deutlich: Ein Unternehmen ist einer Cyberattacke zum Opfer gefallen. Dabei ist das nur das Ende einer langen Angriffskette. Die Tätergruppe bewegt sich oft seit mehreren Wochen oder Monaten…
-
Unpatched Citrix NetScaler Devices Targeted by Ransomware Group FIN8
Citrix issued a patch for the critical remote code execution bug in July for its NetScaler devices. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/unpatched-citrix-devices-targeted-by-ransomware-group-fin8
-
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-dayTwo-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…
-
Black Basta ransomware leak sheds light on targets, tactics
VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
-
Citrix addressed NetScaler console privilege escalation flaw
Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. The vulnerability is an improper privilege management that could allow attackers to escalate privileges…
-
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0It has been described as a case of improper…
-
CISA, FBI call software with buffer overflow issues ‘unforgivable’
Microsoft, VMWare, Ivanti flaws called out: The feds highlighted a list of buffer overflow bugs affecting leading vendors like Microsoft, Ivanti, VMWare, Citrix and RedHat, ranging from high to critical severity, and some already having in-the-wild exploits.The list included two Microsoft flaws that could allow, local attackers in container-based environments to gain system privileges (CVE-2025-21333),…
-
DOGE latest: Citrix supremo has ‘read-only’ access to US Treasury payment system
CEO of Cloud Software a ‘special government employee’ probing through IT for Elon Musk’s DOGE First seen on theregister.com Jump to article: www.theregister.com/2025/02/05/tom_krause_treasury_read_only_access/
-
Citrix Buys Unicon to Bolster Endpoint Security for Users, MSPs
First seen on scworld.com Jump to article: www.scworld.com/news/citrix-buys-unicon-to-bolster-endpoint-security-for-users-msps
-
Citrix Aims for Improved Endpoint Security with Unicorn Purchase
First seen on scworld.com Jump to article: www.scworld.com/brief/citrix-aims-for-improved-endpoint-security-with-unicorn-purchase
-
Improved endpoint security aimed by Citrix with Unicon purchase
First seen on scworld.com Jump to article: www.scworld.com/brief/improved-endpoint-security-aimed-by-citrix-with-unicon-purchase
-
SEC rule confusion continues to put CISOs in a bind a year after a major revision
Tags: attack, breach, business, ciso, citrix, compliance, control, cyber, cyberattack, cybersecurity, data, government, incident, incident response, law, network, privacy, regulation, risk, security-incident, software, strategy, supply-chainConfusion around when and how to report cybersecurity breaches continues to plague companies a year after revised US Securities and Exchange Commission (SEC) cybersecurity breach reporting rules came into effect, experts say.As the agency that regulates and enforces federal US securities laws continues to flex its enforcement muscles against organizations that violate the strict rules,…
-
7 biggest cybersecurity stories of 2024
Tags: access, ai, alphv, at&t, attack, authentication, breach, business, china, cio, ciso, citrix, cloud, credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, detection, email, espionage, exploit, extortion, finance, google, government, group, hacking, healthcare, incident response, infection, insurance, intelligence, international, jobs, lockbit, malicious, malware, mandiant, mfa, microsoft, network, nis-2, north-korea, office, phishing, phone, privacy, ransomware, regulation, risk, risk-management, scam, service, software, strategy, tactics, technology, threat, ukraine, update, vulnerability, windowsCybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention.But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies.Longer-term trends such as increased cybersecurity regulations and the impact of…