CVE-2026-3055 : appliquez ce patch Citrix avant qu'il ne soit trop tard Une nouvelle alerte de sécurité pour les solutions Citrix NetScaler après la découverte de 2 failles, dont l'une particulièrement inquiétante : CVE-2026-3055.

🚨 Une nouvelle alerte pour Citrix NetScaler

Après la découverte de deux failles de sécurité, dont l'une rappelle les vulnérabilités #CitrixBleed et CitrixBleed2 qui ont fait beaucoup de dégâts depuis 2023.

www.it-connect.fr/cve-2026-305...

#Citrix #NetScaler #infosec #zeroday #patch

Original post on cyberscoop.com

Amazon pins Cisco, Citrix zero-day attacks to APT group The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain pro...

#Cybercrime #Cybersecurity #Research #Threats #Amazon #APT […]

[Original post on cyberscoop.com]

Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management Agency technology employees. Citrix bug leads to breach The incident occurred on June 22, when threat actors infiltrated Citrix virtual desktop infrastructure inside FEMA via stolen login details. The data was stolen from Region 6 servers, according to NextGov. The DHS security staff were informed of the incident on July 7. A week later, an unknown hacker used a high-level access account and tried to deploy virtual networking software to retrieve details. Mitigation began on July 16.  In September, further mitigation actions were taken, including reframing FEMA Zscaler policies and restricting access to a few websites. According to Nextgov, an internal FEMA email was found that instructed all employees to change their passwords, but no other details about the incidents were mentioned in the email.  About FEMA firings The FEMA employee layoffs happened on August 29, after a routine inspection of the agency’s infrastructure, which revealed a flaw that “allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole,” according to the Department of Homeland Security (DHS).  The firing announcement came from DHS, which also hit FEMA’s top cybersecurity and technology officers. According to DHS, FEMA’s IT staff “resisted any efforts to fix the problem” and “lied” about the significance of flaws. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS said at the time. Lack of effort: DHS FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, DHS said when Noem first announced the staff terminations last month. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS also said. About the Citrix bug Citrix sells software that employees use for remote access of workplace apps. The flaw, named CitrixBleed 2.0, in the past has allowed threat actors to escape two-factor authentication measures. “Bleed” is a tactic that makes susceptible devices give out memory content, allowing threat actors to place pieces of data and assemble login credentials for infiltrating devices.

Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies #CitrixBleed #Cloud #CyberSecurity

Citrix waarschuwt voor nieuwe actief misbruikte kwetsbaarheden in NetScaler Citrix waarschuwt in een beveiligingsbulletin van vandaag voor nieuwe kwetsbaarheden in zijn NetScaler-producten. Aanvallers maken hier al misbruik van. Kwetsbaarheden in deze netwerkproducten zijn re...

Nieuwe CitrixBleed-ronde?! Er zijn iig 0-day aanvallen op 1 van 3 kwetsbaarheden in NetScaler, die Citrix nu onthult (en waarvoor het fixes biedt). tweakers.net/nieuws/23843...
#security #patches #NetScaler #Citrix #CitrixBleed #0day #zeroday

Backdoor in XZ Utils attiva in Docker Hub, attacchi brute-force su Fortinet e 3300 NetScaler vulnerabili aggravano l’allerta cyber globale.

#backdoor #bruteforce #CitrixBleed #fortinet #Matrix #NetScaler #supplychain #XZUtils
www.matricedigitale.it/2025/08/13/b...

CitrixBleed 2 (CVE-2025-5777) Mitigation: A Guide to Detecting Exposed Citrix NetScaler Assets In July 2025, a proof-of-concept (PoC) code for a memory leak vulnerability (CVE-2025-5777) affecting ...

#Blog #Cybersecurity #Report #User #guide #Citrix […]

[Original post on blog.criminalip.io]

Original post on greenbone.net

Threat Report June 2025: A Cyber Combat of Attrition The 2025 IOCTA report from Europol warns that demand for data on the cybercrime underground is surging. How much data has been stolen exactly? D...

#Blog #Cisco #ISE #CitrixBleed #2 #critical #infrastructure #CVE #2025 #Cyber #Warfare

Origin […]

Zero-day critici su Citrix, VMware, Ivanti e NVIDIA mettono a rischio la cybersecurity globale. Urgenti aggiornamenti e mitigazioni in corso.

#ArchLinux #ChaosRAT #cisa #CitrixBleed #exploit #GreyNoise #Ivanti #nvidia #VMwareESXi #zeroday
www.matricedigitale.it/2025/07/19/c...

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown: www.greynoise.io/blog/exploitation-citrix... #GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

Original post on cyberscoop.com

CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11...

#Cybercrime #Cybersecurity #Research #Threats #CISA […]

[Original post on cyberscoop.com]

CISA warns hackers are actively exploiting critical CitrixBleed 2 CitrixBleed 2 was discovered in mid-June 2025But there were quickly reports of abuse in the wildCISA is now urging FCEB agencies to patch immediately The US Cybersecurity and Infrastructure Security Agency...

CISA warns hackers are actively exploiting critical CitrixBleed 2 #Technology #Cybersecurity #CISA #CitrixBleed #Hackers

CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’ The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnera...

CISA orders US agencies to patch Citrix Bleed flaw ASAP, warning of active exploitation risks. #CitrixBleed #CISA #cybersecurity #infosec #patchmanagement therecord.media/cisa-orders-...

🔥 CitrixBleed 2 is live.

A pre-auth memory flaw in Citrix NetScaler leaks passwords, session tokens, and config data—no login required.

🔍 Over 200,000 exploit attempts detected.

🛡️ Secure your infrastructure now.
#CitrixBleed #VulnerabilityAlert #MemoryLeakExploit #CyberProtection #Infosec

Original post on securityaffairs.com

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds U.S. CISA adds Citrix NetScale...

#Breaking #News #Hacking #Security #CitrixBleed #2 […]

[Original post on securityaffairs.com]

Critical CitrixBleed 2 vulnerability has been under active exploit for weeks https://arstechni.ca #vulnerabilities #citrixbleed #Security #hacking #Biz&IT #citrix

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) - Help Net Security All organizations, even those that patched CVE-2025-5777 (aka CitrixBleed 2), should check for indicators of compromise.

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

📖 Read more: www.helpnetsecurity.com/2025/07/08/c...

#cybersecurity #CitrixBleed #CVE

Public exploits released for Citrix Bleed 2 NetScaler flaw patch now memory up to the first null character in the read more about Public exploits released for Citrix Bleed 2 NetScaler flaw patch now

Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now reconbee.com/public-explo...

#publicexploits #citrixbleed #netscaler #cyberattack

Awakari App

Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and ...

#Vulnerabilities #Citrix #CitrixBleed #2 #exploited

Origin | Interest | Match

👀 '1289 & 2100 IPs still seen unpatched.' 👇 H/T @bleepingcomputer.com where this was reported and thx ofc to @shadowserver.bsky.social. #CitrixBleed #cybersecurity cc @gate15.bsky.social

Awakari App

Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025–5777 may be exploited in the wild for initial access. The po...

#Vulnerabilities #Citrix #CitrixBleed #2 #exploited #Featured #NetScaler

Origin | Interest | Match

"Data Breach Notifications" #citrixbleed

#CVE20234966 #CVE_2023_4966 #citrix is exploited by threat actors.

#iav #asm #attacksurfacemanagement #attacksurface

Still ~1.9K vulnerable IPs.

apps.web.maine.gov/online/aevie...

"LockBit 3.0 #Ransomware Affiliates #Exploit #CVE-2023-4966 Citrix Bleed Vulnerability"

#CVE20234966 #CVE_2023_4966 #citrixbleed is exploited by threat actors.

Still 2.1K unique vulnerable IPs exposed.

#iav #asm #attacksurfacemanagement #attacksurface

Source: www.cisa.gov/news-events/...

Supply-chain ransomware attack causes outages at over 60 credit unions Image Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage

Supply-chain ransomware attack causes outages at over 60 credit unions.

Read more in my article on the Tripwire blog: www.tripwire.com/state-of-sec...

#cybersecurity #databreach #ransomware #vulnerability #citrixbleed

Klinikum Esslingen Opfer eines Cyberangriffs, bei dem Dateien (vorwiegend auf Servern der Radiologie) gelöscht wurden. Wenn meine Informationen stimmen, war #CitrixBleed das Einfallstor.

www.borncity.com/blog/2023/11...

having a bad day :( #citrixbleed

Comment LockBit a piraté Boeing via Citrix Bleed | LeMagIT Alors que le monde entier s'alarme de l'impact de la vulnérabilité Citrix Bleed, Boeing a partagé les détails de son expérience aux mains de l'équipe du ransomware LockBit.

Dans #Onyphe, on trouve des traces de #CitrixBleed pour 4 autres victimes revendiquées chez #LockBit dernièrement... ainsi que certaines n'ayant pas encore été revendiquées : le SIAAP, Okada Manila, RSAG à Rostock, Yanfeng, ou encore Derichebourg. #cyberattaque www.lemagit.fr/actualites/3...

World’s Biggest Bank Hacked: ICBC Walks Trades on USBs Plan B is sneakernet: After Industrial and Commercial Bank of China ransomware attack, U.S. Treasury trades settled by bike messengers with flash drives.

#ICBC FS confirmed a #ransomware attack. The Russian #LockBit scrotes have been fingered as perps (or possibly a RaaS customer of theirs).
#CitrixBleed might be vector. In today’s #SBBlogwatch, we check everything’s patched. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2023/11/icbc...