-
Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks
An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as zero-days to deploy custom malware.
- November 12, 2025
- 09:00 AM
0
-
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws.
- September 03, 2025
- 02:03 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.
- August 27, 2025
- 12:48 PM
- 0
-
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.
- August 26, 2025
- 05:37 PM
- 0
-
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.
- August 12, 2025
- 10:31 AM
- 0
-
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.
- August 11, 2025
- 03:19 PM
- 0
-
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks.
- July 17, 2025
- 07:37 PM
- 0
-
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.
- July 11, 2025
- 10:45 AM
- 0
-
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens.
- July 07, 2025
- 06:57 PM
- 0
-
Citrix warns of login issues after NetScaler auth bypass patch
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances.
- July 02, 2025
- 12:19 PM
- 1
-
Over 1,200 Citrix servers unpatched against critical auth bypass flaw
Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions.
- June 30, 2025
- 07:47 AM
- 0
-
Citrix Bleed 2 flaw now believed to be exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.
- June 27, 2025
- 10:18 AM
- 0
-
Citrix warns of NetScaler vulnerability exploited in DoS attacks
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition.
- June 25, 2025
- 01:35 PM
- 0
-
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices.
- June 25, 2025
- 12:10 PM
- 0
-
January Windows updates may fail if Citrix SRA is installed
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device.
- January 14, 2025
- 05:04 PM
- 1
-
Citrix shares mitigations for ongoing Netscaler password spray attacks
Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks.
- December 13, 2024
- 05:10 PM
- 0
-
Citrix warns admins to manually mitigate PuTTY SSH client bug
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
- May 09, 2024
- 03:27 PM
- 0
-
Change Healthcare hacked using stolen Citrix account with no MFA
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.
- April 30, 2024
- 10:13 AM
- 4
-
Citrix, Sophos software impacted by 2024 leap year bugs
Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products.
- February 29, 2024
- 01:30 PM
- 4
-
CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
- January 17, 2024
- 01:31 PM
- 0
0
