Tag

In The Wild

All articles tagged with #in the wild

Dual memory-overread flaws unlock Citrix NetScaler doors (CVE-2026-3055) Part 2
security · 12 days ago

Security researchers from watchTowr Labs report that CVE-2026-3055 encompasses at least two memory-overread flaws in Citrix NetScaler. Exploitation hinges on an empty wctx parameter in /wsfed/passive?wctx, leaking memory (via the NSC_TASS cookie) and potentially exposing authenticated admin session IDs. In-the-wild activity has begun, suggesting that patches may not cover all variants. The post includes a Detection Artifact Generator for defenders and notes that a further instance was reported to Citrix, highlighting ongoing risk for misconfigured NetScaler deployments (e.g., when used as a SAML IDP).

BeyondTrust CVE-2026-1731 exploited in the wild; urgent patching and KEV updates
security · 1 month ago

Threat actors are actively exploiting BeyondTrust CVE-2026-1731 (CVSS 9.9) in the wild by abusing get_portal_info to harvest the x-ns-company value before WebSocket setup, enabling unauthenticated remote code execution. BeyondTrust notes that PRA v25.1+ do not require patching, while RS requires the BT26-02-RS patch (v21.3–25.3.1) and PRA patch (BT26-02-PRA, v22.1–24.X). watchTowr, GreyNoise/Defused Cyber, and Arctic Wolf report rapid activity and persistence attempts using SimpleHelp and PsExec. CISA added CVE-2026-1731 to KEV with federal patch deadlines by Feb 16, 2026, and KEV also lists other flaws (CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, CVE-2024-43468).