Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Dumb Co dared me to exchange my iPhone for a hacked phone

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Meta removes controversial AI feature on Instagram after backlash

    11 July 2026

    OpenAI launches its new family of models with GPT-5.6

    10 July 2026

    Fidji Simo resigns from the no. 2 role

    10 July 2026

    Nvidia is a victim of the PC market it created

    9 July 2026

    Google’s deepfake detection system used to debunk McConnell’s hoax

    9 July 2026
  • Apps

    Apple is suing OpenAI for alleged trade secret theft

    11 July 2026

    EU threatens Meta with fines for addictive features on Facebook and Instagram

    10 July 2026

    Instagram users: Here’s how to stop Meta’s AI from using your photos

    10 July 2026

    Anthropic’s new Claude ability quietly sells you on the AI

    9 July 2026

    Truecaller clashes with India’s telecom regulator over anti-spam rules

    9 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026

    Elon Musk praises Mythos/Fable, promises not to ‘cut’ Anthropic

    10 July 2026

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026
  • Media & Entertainment

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026
  • Security

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026
  • Startups

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026

    These AI startups are growing revenue at an ever-faster pace

    10 July 2026

    Popular Open Source AI Developer Tool Ollama Raises $65M, Grows to Nearly 9M Users

    9 July 2026

    With EU support, QuantumDiamonds aims to accelerate chip manufacturing

    9 July 2026
  • Transportation

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026

    Federal authorities are demanding that autonomous vehicle companies stop interfering with first responders

    9 July 2026

    Another massive data breach exposed millions of driver’s license numbers

    8 July 2026

    This startup brings dealers together to bid on your used car

    7 July 2026
  • Venture

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Hackers are exploiting the ‘CitrixBleed’ bug in the latest wave of massive cyber attacks
Security

Hackers are exploiting the ‘CitrixBleed’ bug in the latest wave of massive cyber attacks

techtost.comBy techtost.com24 November 202304 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Hackers Are Exploiting The 'citrixbleed' Bug In The Latest Wave
Share
Facebook Twitter LinkedIn Pinterest Email

Citrix customers urged to patch as ransomware gang takes credit for hacking major companies

They say security researchers hackers are mass exploiting a critical rating vulnerability in Citrix NetScaler systems to launch devastating cyber attacks against large organizations worldwide.

These cyberattacks have so far included aerospace giant Boeing. the world’s largest bank, ICBC. one of the largest port companies in the world, DP World. and international law firm Allen & Overy, according to reports.

Thousands of other organizations remain unpatched against the vulnerability, officially monitored as CVE-2023-4966 and named “CitrixBleed”. The majority of affected systems are located in North America, according to non-profit threat monitoring program Shadowserver Foundation. The US government’s cyber security agency CISA also sounded the alarm in an advisory urging federal agencies to repair against the flaw being actively exploited.

Here’s what we know so far.

What is CitrixBleed?

On October 10, network equipment maker Citrix disclosed the vulnerability affecting on-premise versions of the NetScaler ADC and NetScaler Gateway platforms, which are used by large enterprises and governments for application delivery and VPN connectivity.

The flaw is described as a sensitive information disclosure vulnerability that allows remote, unauthenticated attackers to extract large amounts of data from the memory of a vulnerable Citrix device, including sensitive session tokens (hence the name “CitrixBleed”). The flaw requires little effort or sophistication to exploit, allowing hackers to steal and use legitimate session tokens to compromise a victim’s network without needing a password or using two factors.

Citrix released patches, but a week later, on October 17, it updated its advisory to advise that it had observed an exploit in the wild.

Early victims include professional services, technology and government organizations, according to incident response giant Mandiantwhich said it launched the investigation after discovering “multiple instances of successful exploitation” as early as late August before Citrix made patches available.

Robert Knapp, head of incident response at cybersecurity firm Rapid7 — which also started investigating the error after identifying a potential exploit of the bug on a customer’s network — said the company has also noticed attackers targeting organizations across healthcare, manufacturing and retail.

“Rapid7 incident responders observed both lateral movement and data access during our investigations,” Knapp said, suggesting that hackers can gain broader access to victims’ network and data after an initial compromise.

Big casualties

Cybersecurity firm ReliaQuest said Last week has evidence that at least four threat groups – which it did not name – are using CitrixBleed, with at least one group automating the attack process.

One of the threat actors is believed to be the Russian-linked LockBit ransomware gang, which has already claimed responsibility for several large-scale breaches believed to be related to CitrixBleed.

Security researcher Kevin Beaumont wrote in a blog post On Tuesday that the LockBit gang last week broke into the US branch of the Industrial and Commercial Bank of China (ICBC) – said to be the world’s largest lender by assets – compromising an unpatched Citrix Netscaler box. The outage disrupted the banking giant’s ability to clear trades. According to Bloomberg on Tuesdaythe company has yet to restore normal operations.

ICBC, which reportedly paid LockBit’s ransom demand, declined to respond to TechCrunch’s questions, but said in a statement on its website that it “experienced a ransomware attack” that “resulted in an outage to some systems.”

LockBit representative he told Reuters on Monday that ICBC “paid a ransom – the deal was closed,” but provided no evidence for its claim. LockBit too said the vx-underground malware research team that ICBC paid a ransom, but declined to say how much.

Beaumont he said in a post on Mastodon that Boeing also had an unpatched Citrix Netscaler system at the time of the LockBit breach, citing data from Shodan, a search engine for exposed databases and devices.

Boeing spokesman Jim Proulx told TechCrunch that the company is “aware of a cyber incident affecting elements of our parts and distribution operations,” but did not comment on LockBit’s alleged publication of stolen data.

Allen & Overy, one of the world’s largest law firms, also operated an affected Citrix system at the time of its compromise, Beaumont noted. LockBit added both Boeing and Allen & Overy to its dark web leak site, which ransomware gangs commonly use to extort victims by publishing files unless victims pay a ransom.

Allen & Overy spokeswoman Debbie Spitz confirmed the law firm had experienced a “data incident” and said it was “assessing exactly what data was affected and we are notifying affected clients.”

The Medusa ransomware gang also exploits CitrixBleed to compromise targeted organizations, Beaumont said.

“We would expect CVE-2023-4966 to be one of the top vulnerabilities used regularly from 2023,” Rapid7 head of vulnerability research Caitlin Condon told TechCrunch.

attacks bug Citrix CitrixBleed Cyber cyber security data protection electronic attack exploiting hackers latest massive Penalties ransomware wave
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSaviu Ventures’ second fund reaches €12 million first close to support francophone startups in Africa
Next Article YouTube’s new teen safeguards limit repeat viewing of certain video topics and more
bhanuprakash.cg
techtost.com
  • Website

Related Posts

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026

Another massive data breach exposed millions of driver’s license numbers

8 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Dumb Co dared me to exchange my iPhone for a hacked phone

11 July 2026

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

11 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

These AI startups are growing revenue at an ever-faster pace

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.