Lowlands

@lowlands@infosec.exchange
10 Followers
49 Following
213 Posts
infosec leader, learning more than posting

Funny how @GossiTheDog's MSPaint graphic is now a de facto image for CitrixBleed.

https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/

CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by Horizon3.ai

scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning

@GossiTheDog I'd love to learn how you did the unobtrusive version check
@GossiTheDog 64[.]176[.]50[.]109
@GossiTheDog seeing the first hits from one of the mentioned IPs on 6/20.
@JoParkerBear 404 page not found on that one

@dangoodin Wow, Google really wants access to everyone's data with Gemini.

https://support.google.com/gemini?p=pause_activity

Even when Gemini Apps Activity is off, your conversations will be saved with your account for up to 72 hours to allow Google to provide the service and process any feedback. This activity won’t appear in your Gemini Apps Activity.

Manage & delete your Gemini Apps activity - Computer - Gemini Apps Help

So fucking accurate
@wendynather you got it, as promised by the witch

An update on CVE-2025-5777, explaining why orgs should identify systems and patch.

https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206

CitrixBleed 2: Electric Boogaloo - CVE-2025-5777 - DoublePulsar

Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023-4966 You may have missed it, as the original CVE on 17th June 2025 referred…