All news with #citrix netscaler tag

Tue, October 21, 2025

Snappybee, Citrix Flaw Used to Breach European Telecom

#Active Exploitation #Backdoor Found #DLL Hijacking #Citrix NetScaler

🔒 A European telecommunications organization was targeted in the first week of July 2025, according to Darktrace, with a threat actor linked to the China-associated group Salt Typhoon gaining initial access via a vulnerable Citrix NetScaler Gateway. The intruders pivoted to Citrix VDA hosts in an MCS subnet and used SoftEther VPN to mask their origin. They deployed Snappybee (aka Deed RAT) via DLL side-loading alongside legitimate antivirus executables; the backdoor called home to aar.gandhibludtric[.]com. Darktrace says the activity was detected and remediated before significant escalation.

Thu, August 28, 2025

Citrix warns of NetScaler ADC/Gateway zero-day exploit

#Active Exploitation #Citrix #Citrix NetScaler #Patch #RCE #Zero-Day

⚠️ Citrix has warned of multiple zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway, highlighting CVE-2025-7775 as being actively exploited. The critical issue is a memory overflow that can lead to denial of service or remote code execution on appliances meeting specific configuration preconditions. Citrix provides CLI checks to identify affected devices but reports no mitigations or workarounds, and researchers estimate a large percentage of appliances remain unpatched. Administrators are urged to prioritize patching immediately.

Wed, August 27, 2025

Citrix Patches NetScaler Zero-Days as Active Exploits Continue

#Active Exploitation #Auth Bypass #Backdoor Found #Citrix NetScaler #Heap Overflow #KEV Added #Patch #RCE #Security Advisory #Zero-Day

🔒Citrix has released patches for three critical zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424), including pre-auth remote code execution observed in the wild. The vendor provided fixes for affected 14.1, 13.1 and 12.1-FIPS/NDcPP builds and said no workaround is available. Security researchers and CISA urged immediate patching and forensic checks for potential backdoors.

Tue, August 26, 2025

CISA Adds CVE-2025-7775 for Citrix NetScaler Memory Overflow

#Active Exploitation #Citrix NetScaler #KEV Added #Patch #Security Advisory

🔔 CISA has added CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. This class of flaw is a frequent attack vector and presents significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged KEVs by the specified due date. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.