Citrix Denied Attacks as Hackers Hit Weeks Earlier

A critical vulnerability in Citrix NetScaler, identified as CVE-2025-5777 and known as CitrixBleed 2, was exploited nearly two weeks before public proof-of-concept (PoC) exploits emerged. During that period, Citrix denied attacks were taking place, stating there was no evidence of active exploitation. Security researchers later confirmed that threat actors had already launched attacks targeting this flaw before the release of PoC code.

The vulnerability allows attackers to bypass authentication and gain unauthorized access to sensitive data. Despite early indicators of malicious activity, Citrix denied attacks had occurred, maintaining its initial position in public disclosures. The flaw affects a widely used remote access solution, increasing concerns about potential business impact and data compromise.

Security experts urge organizations using Citrix NetScaler to apply patches immediately and monitor systems for signs of intrusion. The timeline of exploitation raises questions about early detection and response.

Read the full article here:
https://www.bleepingcomputer.com/news/security/citrix-bleed-2-exploited-weeks-before-pocs-as-citrix-denied-attacks/