CyberSecurityBoard
Sponsor Register Login

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Citrix has released an urgent security update to patch a critical remote code execution (RCE) vulnerability in its NetScaler ADC and NetScaler Gateway products. This flaw, actively exploited in the wild, allows attackers to execute arbitrary code on vulnerable systems, posing a significant risk to enterprise networks. The vulnerability, tracked as CVE-2024-28497, affects multiple versions of NetScaler ADC and Gateway, widely used for application delivery and secure remote access. Exploitation of this zero-day vulnerability has been observed in targeted attacks, emphasizing the need for immediate patching to prevent potential breaches. Citrix has urged all customers to apply the security update without delay to mitigate the risk of exploitation. The incident highlights the ongoing threat landscape where critical infrastructure components are prime targets for sophisticated attackers. Organizations using NetScaler products should also review their security monitoring and incident response plans to detect any signs of compromise related to this vulnerability. This update is part of Citrix's commitment to maintaining secure products and protecting customers from emerging cyber threats. Staying informed and proactive in applying patches is essential for cybersecurity resilience in today's environment.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 26 Aug 2025 21:40:19 +0000


Cyber News related to Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
8 years ago
Two more Citrix NetScaler bugs exploited in the wild The Register - Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution in the appliances' management interface. It ...
1 year ago Go.theregister.com CVE-2023-6548 CVE-2023-6549
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
1 year ago Bleepingcomputer.com CVE-2023-4966
Citrix warns of new Netscaler zero-days exploited in attacks - Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days impact the Netscaler management interface and expose unpatched ...
1 year ago Bleepingcomputer.com CVE-2023-4966
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com CVE-2023-4966 CVE-2023-3966
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately - Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The company patched this critical sensitive information disclosure flaw two weeks ago, ...
1 year ago Bleepingcomputer.com CVE-2023-4966 Rocke
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
1 year ago Bleepingcomputer.com CVE-2023-6548 CVE-2023-6549 CVE-2024-0519
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’ | The Record from Recorded Future News - The bug affects Citrix Netscaler ADC and Netscaler Gateway appliances and the company said exploitation of the vulnerability “on unmitigated appliances have been observed.” Since that advisory, multiple incident responders have warned that the ...
1 month ago Therecord.media CVE-2025-5777
Over 1,200 Citrix servers unpatched against critical auth bypass flaw - While Citrix has yet to confirm that this security flaw is being exploited in the wild, saying that "currently, there is no evidence to suggest exploitation of CVE-2025-5777," cybersecurity firm ReliaQuest reported on Thursday with medium confidence ...
1 month ago Bleepingcomputer.com CVE-2025-5777
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks - Security researcher Kevin Beaumont has previously stated that repeated POST requests to /doAuthentication.do in NetScaler logs is a good indication that someone is attempting to exploit the flaw, especially when the request includes a Content-Length: ...
1 month ago Bleepingcomputer.com CVE-2025-5777
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
newsletter Round 478 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-22515 APT29 BianLian
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-49103 CVE-2023-22515 APT28 APT29 BianLian

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)