
Hackers Exploit Critical ‘Citrix Bleed 2’ Flaw, CISA Warns

Summary

– CISA warns hackers are actively exploiting a critical flaw in Citrix NetScaler, giving federal agencies one day to patch their systems.
– The flaw, dubbed “Citrix Bleed 2,” allows remote extraction of sensitive credentials, enabling broader network access.
– Evidence shows the bug has been exploited since mid-June, with a surge in scans for vulnerable devices after details were published.
– CISA considers the flaw a “significant risk” to federal systems, mandating patches by Friday for affected agencies.
– Citrix has not confirmed active exploitation but urges customers to update affected devices promptly.

Federal agencies are scrambling to patch a critical Citrix vulnerability after cybersecurity officials confirmed active exploitation by hackers. The flaw, unofficially named “Citrix Bleed 2” due to its resemblance to a 2023 NetScaler security issue, allows attackers to steal credentials and infiltrate corporate networks.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent directive requiring government systems to apply fixes within 24 hours. Researchers warn that malicious actors have been targeting unpatched devices since at least June, with scans for vulnerable systems spiking after technical details became public.

NetScaler, a widely adopted networking solution, enables remote access to internal applications, making it a high-value target. Exploiting this flaw grants attackers deep access to organizational systems, posing severe risks to both private and public sector infrastructure. While Citrix has released patches, the company has not officially confirmed reports of active attacks.

Security firms like Akamai observed a surge in scanning activity as hackers raced to identify exposed systems. Federal agencies now face heightened scrutiny, with CISA emphasizing the “significant risk” posed by delayed updates. Organizations relying on Citrix products are urged to prioritize patching to prevent credential theft and potential network breaches.

Despite repeated inquiries, Citrix has not commented on the exploitation claims. Its public advisories continue to stress the importance of immediate updates for all affected devices.

(Source: TechCrunch)
