Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

November 1, 2023 at 10:23AM

Thousands of Citrix NetScaler ADC and Gateway instances are vulnerable to a critical flaw, dubbed ‘Citrix Bleed’, that allows unauthenticated attackers to leak sensitive information. The vulnerability is actively being exploited by threat actors, including ransomware groups. Citrix has released patches, but roughly half of NetScaler customers have yet to …

Citrix urges ‘immediate’ patch for critical NetScaler bug as exploit POC made public

October 24, 2023 at 05:04PM

Citrix has issued an urgent fix for a critical information disclosure bug, CVE-2023-4966, affecting NetScaler ADC and NetScaler Gateway, revealing that the exploit has been actively used. GitHub now hosts a proof-of-concept exploit named Citrix Bleed. Organizations using affected builds should assume they have been compromised, apply the update, and …

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

October 23, 2023 at 02:22PM

Citrix warns admins to immediately secure NetScaler ADC and Gateway appliances against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The vulnerability allows unauthenticated attackers to remotely exploit systems without user interaction. Mandiant reported that threat actors have been using this zero-day vulnerability to steal authentication sessions and hijack accounts since late …

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

October 18, 2023 at 09:15AM

Citrix has issued a warning about a critical security flaw in its NetScaler ADC and Gateway appliances, known as CVE-2023-4966. The vulnerability could expose sensitive information and requires devices to be configured as a Gateway or AAA virtual server for exploitation to occur. Patches were released on October 10, 2023, …