Tag

Citrixbleed

All articles tagged with #citrixbleed

CitrixBleed Deepens: NetScaler Memory-Overread CVE-2026-8451 Exposed
security10 days ago

CitrixBleed Deepens: NetScaler Memory-Overread CVE-2026-8451 Exposed

Security researchers reveal CVE-2026-8451, a memory overread in Citrix NetScaler appliances (ADC/Gateway) triggered when configured as a SAML IdP. A lax XML attribute parser can overread input, leaking data such as IDs and assertion URLs via the NSC_TASS cookie and potentially exposing memory contents. Citrix has issued patches after extensive analysis and demonstrations by watchTowr, highlighting ongoing memory-management weaknesses in NetScaler devices.

Massive Data Breach: Xfinity Hack Exposes Millions of Customer Records
cybersecurity2 years ago

Massive Data Breach: Xfinity Hack Exposes Millions of Customer Records

Hackers exploited a critical security vulnerability known as "CitrixBleed" to gain access to the sensitive information of nearly 36 million Xfinity customers. The vulnerability, found in Citrix networking devices, has been under mass-exploitation since August. Xfinity confirmed that hackers had access to its internal systems between October 16 and 19, but the malicious activity was not detected until October 25. Customer data, including usernames, hashed passwords, names, contact information, dates of birth, and partial Social Security numbers, may have been accessed. Comcast has not disclosed the exact number of affected customers but confirmed that almost 35.8 million customers are impacted. The company is requiring customers to reset their passwords and recommends the use of two-factor authentication.

cybersecurity2 years ago

Citrix Bleed Vulnerability Exploited by LockBit Ransomware Affiliates

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint advisory with the FBI, MS-ISAC, and ASD's ACSC, warning about the LockBit 3.0 ransomware exploiting the Citrix Bleed vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. LockBit 3.0 affiliates have been observed using this vulnerability to bypass password requirements and multifactor authentication, allowing them to hijack legitimate user sessions and gain elevated permissions to harvest credentials and access data. Network administrators are urged to apply necessary software updates and implement mitigations to protect against this ransomware threat.