U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems.
Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking product that large companies and governments rely on for allowing their staff to remotely access apps and other resources on their internal networks. Much like the earlier bug, Citrix Bleed 2 can be remotely exploited to extract sensitive credentials from an affected NetScaler device, allowing the hackers broader access to a company’s wider network.
In an alert on Thursday, CISA said it had evidence that the bug was being actively used in hacking campaigns, adding to the raft of research and findings pointing to widespread exploitation, with some reporting hacks dating back as far as mid-June. Akamai said it saw a “drastic increase” in efforts to scan the internet for affected devices after details of the NetScaler exploit were published earlier this week.
CISA said the NetScaler bug poses a “significant risk” to the federal government’s systems, and ordered federal government agencies to patch any Citrix device affected by the bug by Friday.
For its part, Citrix has not yet acknowledged that the vulnerability is being exploited. The company’s security advisory urges customers to update affected devices as soon as possible.
Citrix representatives did not respond to TechCrunch’s request for comment.
Original Source: https://techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/
Disclaimer: This article is a reblogged/syndicated piece from a third-party news source. Content is provided for informational purposes only. For the most up-to-date and complete information, please visit the original source. Digital Ground Media does not claim ownership of third-party content and is not responsible for its accuracy or completeness.
