CISA catalog of attacked vulnerabilities grew by 20 percent in 2025

The US IT security agency CISA maintains a catalog of attacked vulnerabilities. It grew somewhat faster in 2025.

heise online
"Citrix Bleed 2": Current attack warnings

The security vulnerability in Citrix Netscaler dubbed "Citrix Bleed 2" is currently being massively attacked, IT security researchers warn.

heise online

🚨 Over 3,300 Citrix NetScaler devices remain unpatched against the critical #CitrixBleed2 vulnerability (CVE-2025-5777), risking session hijacks & MFA bypass! Attackers can steal session tokens remotely. Patch now to avoid data breaches and network risks! 🔐🛡️ #newz

Details: https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/ #Cybersecurity #InfoSec #NetScaler

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.

BleepingComputer

Citrix users, your NetScaler devices might be leaving your data wide open. Over 3,300 systems are still unpatched, letting hackers bypass authentication like a "master key." Is your network at risk? Dive into the details and protect your assets now.

https://thedefendopsdiaries.com/understanding-and-mitigating-the-citrixbleed-2-vulnerability/

#citrixbleed2
#netscaler
#cybersecurity
#vulnerability
#patchmanagement

Understanding and Mitigating the CitrixBleed 2 Vulnerability

Explore the CitrixBleed 2 vulnerability, its impact, and mitigation strategies to protect your systems from unauthorized access.

The DefendOps Diaries

The Dutch Public Prosecution Service Citrix Netscaler incident is rumbling on. They are working on service recovery.

https://www.databreachtoday.com/dutch-prosecutors-recover-from-suspected-russian-hack-a-29129

#CitrixBleed2

#citrixbleed2 Citrix engineer required!
@GossiTheDog #citrixbleed2 The Dutch Cyber Centre script has been updated with an extra check for xhtml files in /var/netscaler https://github.com/NCSC-NL/citrix-2025/blob/main/TLPCLEAR_check_script_cve-2025-6543-v1.7.sh
citrix-2025/TLPCLEAR_check_script_cve-2025-6543-v1.7.sh at main · NCSC-NL/citrix-2025

Contribute to NCSC-NL/citrix-2025 development by creating an account on GitHub.

GitHub

Emerging situation to be aware of - some of the #CitrixBleed2 session hijacking victims are also victims of webshell implants via a different vuln, CVE-2025-6543.

Script to check for Netscaler implants: https://github.com/NCSC-NL/citrix-2025/blob/main/TLPCLEAR_check_script_cve-2025-6543-v1.6.sh

#citrixbleed2 Hmm the Dutch Cyber Center script is back: https://github.com/NCSC-NL/citrix-2025 Just looking for php exploits on the Netscalers themselves. @GossiTheDog Any thoughts about this? It’s marked 2025-6543 which makes you wonder a bit which vulnerability was exploited at the OM.

#citrixbleed2 An interesting article (though some mistakes I think) from the Splunk team on cve-2025-5777. I’m not sure whether it’s clumsy wording but they imply that the later cve-2025-6543 was related to cve-2025-5777 (“The vulnerability was disclosed on June 17, 2025, with Citrix expanding the scope and releasing patches by June 23.”) The date is wrong (should be 25th) though so not sure. https://www.splunk.com/en_us/blog/security/citrixbleed-vulnerability-detection-mitigation.html Cool diagram too.