#citrixbleed — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #citrixbleed, aggregated by home.social.
-
#Citrix Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of #CitrixBleed!
Defenders need to act quickly. Patch Now!
👇
https://thehackernews.com/2026/03/citrix-urges-patching-critical.html
-
#CitrixBleed2: Critical NetScaler vulnerability has been exploited for almost a month | Security https://www.heise.de/news/Citrix-Bleed-2-Kritische-Netscaler-Luecke-wird-seit-fast-einem-Monat-ausgenutzt-10492320.html #Patchday #CyberCrime #DataLeak #Datenleck #Datenschutz #privacy #CitrixBleed
-
Perhaps the EU should only allow Tailscale-like VPNs for remote connectivity... #citrixbleed
-
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown: https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc #GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
-
Critical #CitrixBleed 2 #vulnerability has been under active #exploit for weeks
A critical vulnerability allowing #hackers to bypass #multifactor #authentication in network management devices made by #Citrix has been actively #exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild #exploitation.
#security #privacy
-
This Week in Security: Bitchat, CitrixBleed Part 2, Opossum, and TSAs - @jack is back with a weekend project. Yes, that Jack. [Jack Dorsey] spent last wee... - https://hackaday.com/2025/07/11/this-week-in-security-bitchat-citrixbleed-part-2-opossum-and-tsas/ #thisweekinsecurity #hackadaycolumns #securityhacks #citrixbleed #bitchat #opossum #mcp
-
Critical CitrixBleed 2 vulnerability has been under active exploit for weeks - A critical vulnerability allowing hackers to bypass multifac... - https://arstechnica.com/security/2025/07/critical-citrixbleed-2-vulnerability-has-been-under-active-exploit-for-weeks/ #vulnerabilities #citrixbleed #security #hacking #biz #citrix
-
"CitrixBleed 2": #Citrix #Netscaler vulnerabilities more serious | Security https://www.heise.de/news/CitrixBleed-2-Citrix-Netscaler-Luecken-gravierender-10460208.html #CitrixNetscaler #CitrixBleed #CitrixBleed2 #Patchday
-
‘CitrixBleed 2’ Shows Signs of Active Exploitation – Source: www.darkreading.com https://ciso2ciso.com/citrixbleed-2-shows-signs-of-active-exploitation-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #CitrixBleed' #DARKReading
-
CitrixBleed 2 Vulnerability Exploited, Recalling Earlier CitrixBleed Fallout – Source: www.infosecurity-magazine.com https://ciso2ciso.com/citrixbleed-2-vulnerability-exploited-recalling-earlier-citrixbleed-fallout-source-www-infosecurity-magazine-com/ #rssfeedpostgeneratorecho #InfoSecurityMagazine #InfosecurityMagazine #CyberSecurityNews #CitrixBleed'
-
Prior recaps on #CitrixBleed and LockBit by me: https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee
-
The Boeing #CitrixBleed incident led to a $200m ransom demand: https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/
-
UnitedHealth hackers used stolen Citrix credentials, CEO says⤵️
#UnitedHealth #databreach #cyberattack #Citrixbleed #cybersecurity #infosec
-
Another #CitrixBleed, this one from mid November. 200k people impacted. HT @euroinfosec
https://apps.web.maine.gov/online/aeviewer/ME/40/5f9aa393-9c7a-49e0-855f-5e36adfb9e6c.shtml
-
#MOVEit, #Capita, #CitrixBleed and more: The biggest #data #breaches of #2023
Hackers had a busy year exploiting popular file-transfer tools and targeting under-resourced organizations
https://techcrunch.com/2023/12/27/moveit-capita-citrixbleed-biggest-data-breaches-2023/
-
The Church of Sweden (Svenska Kyrkan) was ransomwared on the 23rd of November. This is now being attributed to BlackCat.
Here's a #Citrixbleed vulnerable server serving a wildcard cert for *.svenskakyrkan.se, last scanned by Shodan on the 23rd. Probably not related at all.
-
#CitrixBleed patched only after two weeks: 36 million customer records siphoned off | Security https://www.heise.de/news/CitrixBleed-erst-nach-zwei-Wochen-gepatcht-36-Millionen-Kundendaten-abgegriffen-9579227.html
-
Like I always say, update yo stuff!
Comcast held a virtual door open for thieves to steal data - Desk Chair Analysts
https://dcanalysts.net/comcast-held-a-virtual-door-open-for-thieves-to-steal-data/
#Citrix #CitrixBleed #Comcast #InfoSec #Security #Xfinity #TechNews #DCA
-
#Comcast Xfinity data breach affects over 35 million people
A #CitrixBleed fatality.
Data accessed includes customer usernames and hashed* passwords. Xfinity is forcing password changes next time you sign into an account.
In some cases data accessed may include:
- Last 4 of SSN
- DOBs
- Secret Questions / Answers exposed
#cybersecurity #security #infosec #xfinity
https://www.theverge.com/2023/12/18/24007082/xfinity-data-breach-hack-notice-citrix
-
Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price - Enlarge / A Comcast Xfinity service van in San Ramon, California on Feb... - https://arstechnica.com/?p=1992160 #networkbreach #citrixbleed #security #comcast #xfinity #biz&it
-
#Comcast has disclosed a #CitrixBleed-related data breach which affected 35 million #Xfinity customers. The impacted info included names, contact information, last four digits of social security numbers, dates of birth and secret questions and answers.
https://apps.web.maine.gov/online/aeviewer/ME/40/49e711c6-e27c-4340-867c-9a529ab3ca2c.shtml
-
CTS, a cloud provider for legal firms in the UK, who were late patching #CitrixBleed, have appeared on Cactus ransomware's portal today.
They're offering downloads of CTS customer data. #threatintel
-
Two days left to patch those Netscalers against #Citrixbleed before you're on change freeze for a month!
-
Great take on HHS's #CitrixBleed alert in a recent edition of SANS NewsBites.
-
Supply-chain ransomware attack causes outages at over 60 credit unions – Source: www.tripwire.com https://ciso2ciso.com/supply-chain-ransomware-attack-causes-outages-at-over-60-credit-unions-source-www-tripwire-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #grahamcluleycom #Vulnerability #CitrixBleed' #Grahamcluley #DataBreach #ransomware #Guestblog #Dataloss #Malware
-
Supply-chain ransomware attack causes outages at over 60 credit unions https://www.tripwire.com/state-of-security/supply-chain-ransomware-attack-causes-outages-over-60-credit-unions #Vulnerability #vulnerability #CitrixBleed #Ransomware #databreach #ransomware #Guestblog #Dataloss #Malware
-
On 28 November 2023 there was unwanted remote access to #KlinikumEsslingen. According to reports, an unknown person exploited a vulnerability (#Sicherheitslücke) in #Citrix and gained access to the hospital's IT infrastructure for a short time.
https://netzsicherheit.info/02/12/2023/citrix-bleed-digitaler-angriff-auf-klinikum-esslingen/
-
🚨 A critical flaw named Citrix Bleed (CVE-2023-4966) affects Citrix NetScaler systems, allowing the hijacking of authenticated sessions and the bypass of multi-factor authentication. Several large companies, including Boeing and Allen & Overy, have been targeted by cyberattacks exploiting this vulnerability, with suspicions of cyber-espionage and criminal actions by groups such as LockBit 3.0. 🛡️ It is urgent to check and secure Citrix systems to guard against these threats, which remain active. #CyberSécurité #CitrixBleed #CVE2023-4966
https://www.lemagit.fr/actualites/366559556/Citrix-Bleed-la-liste-des-victimes-de-lexploitation-de-la-vulnerabilite-sallonge
-
After Industrial and Commercial Bank of China ransomware attack, U.S. Treasury trades settled by bike messengers with flash drives.
#ICBC Financial Services confirmed it suffered a #ransomware attack. The Russian #LockBit scrotes have been fingered as perps (or possibly a RaaS customer of theirs).
#CitrixBleed (CVE-2023-4966) might have been the vector. In today’s #SBBlogwatch, we check everything’s patched. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2023/11/icbc-ransomware-trades-usb-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc
-
Full list of all known #CitrixBleed exploiters, care of @[email protected] and @[email protected].
https://viz.greynoise.io/query?gnql=tags%3A%22Citrix%20ADC%20Netscaler%20CVE-2023-4966%20Information%20Disclosure%20Attempt%22
#CVE_2023_4966
-
Had a very interesting vuln disclosure experience today. I found a pre-auth RCE in F5-BIGIP admin panels (yes...the same one that's had RCE issues for years - there's more) with my coworker Thomas Hendrickson.
We went to report to F5 at the beginning of the month and had some back and forth with them over the disclosure timeline. We're not in a rush, we figured it would take a month or two to disclose, but they wanted to publish it in February 2024. That's a long time to wait for a pre-auth RCE bug, so we asked for it to be sooner, but with 48 hours notice so we could coordinate with our customers appropriately. They said they were fine with that.
Then last night at 8PM ET, we get an email that they're dropping the advisory + hotfix in 16 hours. We asked why and were told "we believe this vulnerability is now known outside of F5 and Praetorian thus forcing our hands at an immediate disclosure". The advisory was published a few hours ago - https://my.f5.com/manage/s/article/K000137353. No patch, but there's a hotfix you can run on some versions of F5s. A few versions have been marked as "will not fix", so this is a permanent way to pop them.
Simultaneously, a blog post that we referenced heavily for AJP Request Smuggling disappeared off the internet (the author locked every post they'd made since 2016). The posts were live 10 days or so ago.
It's likely all a huge coincidence - but regardless, if you want to read about a bug-chain to pop internet exposed F5 Management Panels or learn about AJP Request Smuggling, take a look over at https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/.
Once the patch has had a little bit of time to be applied, we'll drop the rest of the technical information about the bug.
If anyone here is aware of this being exploited in the wild, I'd love to hear about it. Tagging a few folks who are a bit more in the know (apologies if this is spammy, but I'm curious).
On the IoC side it's a bit tricky because the bug relies on abusing a bug in Apache, so I have no idea what it actually looks like in the logs. The raw request will have "Transfer-Encoding: <a valid value>, chunked" as one of the headers. For example "Transfer-Encoding: gzip, chunked" or "Transfer-Encoding: chunked, chunked".
I know it's no #citrixbleed, but this is a pretty bad bug if you're one of the thousands of orgs that still has an F5 config panel on the internet.
-
"🚨 #CitrixBleed Exploit Unleashed! Hackers Hijack NetScaler Accounts 🚨"
A new proof-of-concept (PoC) exploit for the 'Citrix Bleed' vulnerability (CVE-2023-4966) has emerged, enabling attackers to snatch authentication session cookies from susceptible Citrix NetScaler ADC and NetScaler Gateway appliances. This critical-severity flaw, which Citrix addressed on October 10, was exploited as a zero-day in limited attacks since late August 2023. Assetnote researchers have now shared an in-depth analysis of the exploitation method and even released a PoC exploit on GitHub. The vulnerability stems from an unauthenticated buffer-related issue, which, when exploited, can lead to buffer over-reads. By leveraging this flaw, attackers can retrieve session cookies, granting them unrestricted access to vulnerable devices. Given the public availability of this exploit, there's an anticipated surge in attacks targeting Citrix Netscaler devices. System admins are strongly urged to apply patches immediately.
Source: BleepingComputer
Tags: #Cybersecurity #Citrix #NetScaler #CVE2023 #Exploit #PoC #Assetnote #Vulnerability #InfoSec
Author: Bill Toulas