CitrixBleed 2: The Unpatched Comedy of Errors Leaving Thousands Vulnerable
CitrixBleed 2: Hackers target over 100 organizations through a critical NetScaler vulnerability. Despite patches, many remain at risk, with session tokens exploited to bypass MFA. Researchers urge immediate action from affected sectors, while attackers from China, Russia, South Korea, and the US continue their “spray and pray” approach.
Hot Take:
Looks like Citrix has managed to pull off a sequel nobody asked for with CitrixBleed 2: The Return of the Hacker. This vulnerability is like that stubborn stain that just won’t come out, leaving organizations scrambling to patch their systems while cybercriminals are having a field day. If only there were Oscars for the most persistent bugs, CitrixBleed 2 would be a shoo-in for Best Exploit in a Leading Role! Let’s hope the next Citrix patch doesn’t come with a surprise post-credits scene.
Key Points:
– CitrixBleed 2 is an insufficient input validation issue in NetScaler, scored a high-risk 9.3 on CVSS.
– The flaw allows attackers to read out-of-bounds memory, hijack sessions, and bypass MFA.
– Exploitation started soon after patches were released, well before public proof-of-concept (PoC) code emerged.
– Over 100 organizations have been affected, with attacks spanning multiple sectors.
– Thousands of NetScaler instances remain unpatched, with activity mainly originating from China, Russia, South Korea, and the US.