
CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding active exploitation of a critical security flaw in a widely used Citrix product. The agency has given federal government departments a stringent one-day deadline to patch their vulnerable systems, underscoring the severity of the threat.
Security researchers have dubbed this newly identified vulnerability “Citrix Bleed 2,” drawing a parallel to a significant 2023 security flaw in Citrix NetScaler. NetScaler, a vital networking product, is extensively relied upon by major corporations and government entities to facilitate secure remote access for their personnel to internal applications and resources. Much like its predecessor, Citrix Bleed 2 enables remote attackers to extract sensitive credentials from an affected NetScaler device, potentially granting them broad access to the rest of an organization’s network.
In a pressing alert issued on Thursday, CISA confirmed that it possesses concrete evidence of this bug being actively leveraged in ongoing hacking campaigns. This official confirmation reinforces a growing body of research and findings from various cybersecurity firms, all pointing to widespread exploitation. Some reports even suggest that exploitation of this vulnerability dates back as far as mid-June. Notably, Akamai observed a “drastic increase” in efforts to scan the internet for vulnerable devices shortly after the technical details of the NetScaler exploit became publicly available earlier this week, signaling a rapid escalation in malicious activity.
CISA has explicitly stated that the NetScaler bug poses a “significant risk” to the operational integrity and security of federal government systems. Consequently, the agency has mandated that all federal government agencies apply necessary patches to any Citrix devices impacted by this critical flaw by Friday, emphasizing the immediate need for remediation to mitigate potential breaches.
Despite the widespread reports of active exploitation and CISA’s urgent directive, Citrix has not yet officially acknowledged that the vulnerability is being exploited in the wild. The company’s latest security advisory, however, strongly advises customers to update their affected devices without delay, underscoring the importance of proactive security measures. When contacted for comment, Citrix representatives did not provide an immediate response to TechCrunch’s inquiries.



