CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

Such a short deadline for installing the patches is unprecedented since CISA released the Known Exploited Vulnerabilities (KEV) catalog, showing the severity of the attacks exploiting the security issue.

The agency added the flaw to its Known Exploited Vulnerabilities (KEV) catalog yesterday, ordering federal agencies to implement mitigations by the end of today, June 11.

CVE-2025-5777 is a critical memory safety vulnerability (out-of-bounds memory read) that gives an unauthenticated attacker access to restricted parts of the memory.

The issue impacts NetScaler devices that are configured as a Gateway or an AAA virtual server, in versions prior to 14.1-43.56, 13.1-58.32, 13.1-37.235-FIPS/NDcPP, and 2.1-55.328-FIPS.

Citrix addressed the vulnerability through updates released on June 17.

A week later, security researcher Kevin Beaumont warned in a blog post about the flaw's potential for exploitation, its severity, and repercussions if left unpatched.

Beaumont called the flaw 'CitrixBleed 2' due to similarities with the infamous CitrixBleed vulnerability (CVE-2023-4966), which was extensively exploited in the wild by all types of cybercriminal actors.

The first warning of CitrixBleed 2 being exploited came from ReliaQuest on June 27. On July 7, security researchers at watchTowr and Horizon3 published proof-of-concept exploits (PoCs) for CVE-2025-5777, demonstrating how the flaw can be leveraged in attacks that steal user session tokens.

At the time, signs of definitive active exploitation in the wild remained elusive, but with the availability of PoCs and ease of exploitation, it was only a matter of time until attackers started to leverage it at a larger scale.

For the past two weeks, though, threat actors have been active on hacker forums discussing, working, testing, and publicly sharing feedback on PoCs for the Citrix Bleed 2 vulnerability.

They showed interest in how to make available exploits work in attacks. Their activity increased the past few days and multiple exploits for the vulnerability have been published.

With CISA confirming CitrixBleed 2 being actively used in attacks, it is likely that threat actors have now developed their own exploits based on the technical info released last week.

"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable," CISA warns.

To mitigate the issue, users are strongly recommended to upgrade to firmware versions 14.1-43.56, 13.1-58.32, or 13.1-FIPS/NDcPP 13.1-37.235.

After updating, admins should disconnect all active ICA and PCoIP sessions, as they may already be compromised.

Before doing so, they should review current sessions for suspicious behavior using the show icaconnection command or via NetScaler Gateway > PCoIP > Connections.

Then, end the sessions using the following commands:

If updating right away isn't possible, limit external access to NetScaler using firewall rules or ACLs.

Although CISA confirms exploitation, it is important to note that Citrix has still to update its original security bulletin from June 27, which states that there is no evidence of CVE-2025-5777 exploited in the wild.

BleepingComputer contacted Citrix to ask if there are any updates on the exploitation status of CitrixBleed 2 and we will update this post once a statement becomes available.
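As an added example (not part of the original article and not Citrix or CISA tooling), the sketch below triages an appliance inventory against the fixed firmware versions named in the upgrade recommendation, flagging Gateway or AAA appliances that are not confirmed to be on a fixed build. The banner format, the explicit FIPS flag, the role labels and every hostname are assumptions made for the illustration.

```python
import re

# Minimum fixed builds from the article's upgrade recommendation, keyed by
# (release train, is FIPS/NDcPP edition) -> (build, sub-build).
FIXED = {
    ("14.1", False): (43, 56),
    ("13.1", False): (58, 32),
    ("13.1", True): (37, 235),
}

# Assumed banner shape (not taken from the article): "NS13.1: Build 58.32.nc"
BANNER = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def classify(banner, fips=False):
    """Return 'fixed', 'vulnerable', 'unlisted' or 'unparsed' for one banner."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"
    # Compare builds as integer pairs: 58.4 is older than 58.32, which a
    # float or string comparison would get wrong.
    build = (int(m.group(2)), int(m.group(3)))
    minimum = FIXED.get((m.group(1), fips))
    if minimum is None:
        return "unlisted"  # train not named in the article; check the vendor bulletin
    return "fixed" if build >= minimum else "vulnerable"


def triage(inventory):
    """List (host, status) for Gateway/AAA appliances not confirmed fixed."""
    urgent = []
    for host, banner, fips, roles in inventory:
        status = classify(banner, fips)
        if status != "fixed" and {"gateway", "aaa"} & set(roles):
            urgent.append((host, status))
    return urgent


# Constructed inventory: hostnames, banners and roles are made up for the example.
SAMPLE = [
    ("ns-edge-01", "NetScaler NS14.1: Build 43.56.nc", False, ["gateway"]),
    ("ns-edge-02", "NetScaler NS13.1: Build 58.4.nc", False, ["gateway", "lb"]),
    ("ns-fips-01", "NetScaler NS13.1: Build 37.235.nc", True, ["aaa"]),
    ("ns-int-01", "NetScaler NS14.1: Build 38.53.nc", False, ["lb"]),
    ("ns-old-01", "NetScaler NS12.1: Build 55.321.nc", False, ["gateway"]),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

A "fixed" result covers only the firmware build; the article's advice to end existing ICA and PCoIP sessions after updating still applies to those appliances.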