Security News

Researchers from Mandiant report that four ongoing campaigns target vulnerable Citrix NetScaler ADC and Gateway appliances, with attacks underway since late August 2023. The Citrix Bleed CVE-2023-4966 vulnerability was disclosed on October 10 as a critical severity flaw impacting Citrix NetScaler ADC and NetScaler Gateway, allowing access to sensitive information on the devices.

Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "Mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams. In the past week, GreyNoise observed 137 individual IP addresses attempting to exploit this Citrix vulnerability.

CVE-2023-4966, aka "Citrix Bleed", a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.Threat actors have been quick to leverage vulnerabilities in Citrix NetScaler ADC in the past, and this vulnerability is obviously no exception.

A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. The CVE-2023-4966 Citrix Bleed flaw is an unauthenticated buffer-related vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway, network devices used for load balancing, firewall implementation, traffic management, VPN, and user authentication.

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as...

Citrix has urged admins to "Immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited. Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub.

Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.NetScaler appliances must be configured as a Gateway or an AAA virtual server to be vulnerable to attacks.

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.They exploited CVE-2023-4966 to hijack existing authenticated sessions, which means that they were able to effectively bypass multifactor authentication requirements.

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as...

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced. A report from Mandiant disclosed that it found signs of CVE-2023-4966 being exploited in the wild since August for stealing authentication sessions and hijacking accounts.