MemoryLeech

@CyberLeech@cyberplace.social
Don't mind me leeching
Cyber, Intel, Info, Detection
This is important to remember, especially in hard times

RCE Security has found major vulnerabilities in the Wing FTP server.

Attackers can bypass authentication on the server's web interface just by appending a NULL byte to the username followed by any random string.

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security

@Prozak

1 - Only expose what you need to.

2 - Keep your shit patched.

3 - Segment and isolate exposed systems to minimize lateral movement.

4 - Use "strong" ( whatever that means in your environment ) authentication and change defaults.

5 - Don't stress over it. It's just computers.

TIL in Firefox about:config:

widget.gtk.overlay-scrollbars.enabled = false
widget.non-native-theme.gtk.scrollbar.thumb-size = 1
widget.non-native-theme.scrollbar.style = 4
widget.non-native-theme.scrollbar.size.override = 16

Gets you scrollbars that are actually visible and clickable with the mouse.

Back in the day, Twitter used to be really good if I set up a thread to connect freelancers with clients. Let's see if Mastodon can do it.

Clients: if you're looking for freelancers/contractors, get in the comments

Freelancers/contractors: get in the comments

Everyone else: boosts appreciated.

The market is *dead* for freelancers and a big part of that (in my opinion) is fragmentation. Let's get that network effect *back*.

#FediHire

Hey folks, I got contacted by Barracuda Networks for a cybersecurity engineer position. I don't need it, I'm good where I'm at, but I thought I'd share with you in case you're looking.

Unfortunately, I don't know any more details than what's on the link, sorry, but good luck.

https://jobs.jobvite.com/careers/barracuda-networks-inc/job/oskEvfwF?__jvst=Job%20Board&__jvsd=barracuda #infosecjobs #getfedihired

Barracuda Networks Inc. is looking for Cybersecurity Engineer. Learn more or Jobvite a friend.

Howdy all, I'm looking for work. While I'm not yet laid off, I know it is imminent. So if you have any leads for community/developer relations, let me know!! :) #lookingforwork #unemployed

My view on that is I don’t have the data to back it up (because Citrix haven’t provided any way to identify exploitation, including to customers), but if true and the threat actor is running those tools with that provider, it’s probably a ransomware group again.

ReliaQuest are reporting with medium confidence that CitrixBleed2, Electric Boogaloo, is being exploited in the wild HT @CyberLeech https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/

Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds - ReliaQuest

CVE-2025-5777 poses serious threats to Citrix Netscaler devices—discover recommended actions to block exploitation and protect accounts from Citrix Bleed 2.

ReliaQuest
NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777

Over the past two weeks, Cloud Software Group has released builds to address CVE-2025-6543 and CVE 2025-5777, which affect NetScaler ADC and NetScaler Gateway if they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an Authentication Authorization and Auditing (“AAA”) virtual server. While both of the vulnerabilities involve the same modules, the exposures differ. CVE 2025-6543, if exploited, could lead to a memory overflow vulnerability, resulting in unintended control flow and Denial of Service. CVE 2025-5777 arises from insufficient input validation that leads to memory overread. 

NetScaler Blog

If you see this GitHub PoC for CVE-2025-5777 doing the rounds:

https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-

It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.

The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.

GitHub - mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-: Detailed walkthrough of CitrixBleed 2 (CVE-2025-5777, out-of-bounds leak): PoC and detection suite

Detailed walkthrough of CitrixBleed 2 (CVE-2025-5777, out-of-bounds leak): PoC and detection suite. Contribute to mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC- development by creating an account on GitHub.

GitHub
Evidence if anybody cares

I’ve heard that Citrix are complaining that me billing this as CitrixBleed 2 is causing them reputational damage, and isn’t related in any way to CitrixBleed.

For the record - it was a dumb joke name to attract attention for patching. I know it isn’t exactly the same cause.

But, ya know, it is a memory disclosure vuln which reveals sensitive info, and it does require ICA sessions be reset.. which only happened before with CitrixBleed.

@GossiTheDog but they're good with the "Electric Boogaloo" subtitle?

@GossiTheDog

Some commentators have drawn comparisons between CVE 2025-5777 and CVE 2023-4966. While the vulnerabilities share some characteristics, Cloud Software Group has found no evidence to indicate that they are related.

Emphasis theirs. 🤣

@cR0w lols. Like the way they don’t mention CitrixBleed, or the relationship of memory disclosure and sessions needing to be reset 🤣

@GossiTheDog I also like Cloud Software Group does not provide forensic analysis; however, customers can contact Citrix Customer Support to get access to IoCs.

And

Does CVE 2025-6543 constitute a zero day vulnerability?

Cloud Software Group became aware of limited exploitation activity before the patch was released.

@cR0w don’t say the zero day word! They wouldn’t provide us any IOCs for CVE-2025-5777.

@cR0w @GossiTheDog the only IOCs they will release is via a technical support request for CVE 2025-6543 and is literally a script that looks for a handful of vulnerable conditions and file types in locations they shouldn't be. No public IPs, domains, filenames, etc

@microwavetacos @cR0w yeah, they’re trying to obfuscate that one is RCE via webshell implant

@GossiTheDog shit software causes reputational damage

@GossiTheDog As with so much in this world: "The little stupid differences are outweighed by the big stupid similarities."

@GossiTheDog I'm surprised to read they care about their reputation.

That's really difficult to imagine, given their track record of security problems.

@GossiTheDog What about "Electric Bugaloo?" Lmao I bet they love that

@GossiTheDog I appreciate you. I want to punch folks using AI to make up this shit.

@GossiTheDog Vibe coder strikes again.

@GossiTheDog Is it normal for the IoCs section to just be "we are committed to transparency" followed by "If you encounter issues when updating your affected builds or need access to IoCs, please contact Citrix Customer Support"?