Aggregator
CVE-2002-2369 | Perception LiteServe 2.0 information disclosure (ID 86422 / XFDB-10468)
CVE-2002-2376 | Leung E-Guest 1.1 e-guest_sign.pl full name/email/homepage/location cross site scripting (EDB-21586 / ID 10747)
CVE-2018-13045 | Yeswiki Cercopitheque up to 2018-06-19-1 ID sql injection (EDB-46015)
Securden Unified PAM Flaw Allows Attackers to Bypass Authentication
Securden Unified PAM is a comprehensive privileged access management platform that is used to store, manage, and monitor credentials across human, machine, and AI identities in a variety of environments. Security researchers discovered four critical vulnerabilities in this platform during a series of ongoing red teaming operations using Rapid7’s Vector Command service. These flaws, spanning […]
The post Securden Unified PAM Flaw Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say
The group of experts sided with Google against the makers of Fortnite in the long-running antitrust battle.
The post Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say appeared first on CyberScoop.
Written off as NASA junk for 20 years, a ball-shaped robot now aims to conquer the places where lunar rovers perished
Hook Android Trojan Now Delivers Ransomware-Style Attacks
How SOCs Triage Incidents in Seconds with Threat Intelligence
When every minute counts, it’s important to have access to fresh threat intelligence at the tip of your finger. That’s what all high-performing SOC teams have in common. Learn where to get relevant threat data for free and how to triage incidents in seconds using it. Getting & Applying Free Threat Intelligence Enriching your indicators […]
The post How SOCs Triage Incidents in Seconds with Threat Intelligence appeared first on Cyber Security News.
Nevada closes state offices as cyberattack disrupts IT systems
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
HPE security advisory (AV25-544)
First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption
A new ransomware has been identified, which is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. Dubbed “PromptLock” by the ESET Research team that discovered it, the malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack […]
The post First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption appeared first on Cyber Security News.
New Attack Targeting ScreenConnect Cloud Administrators to Steal Login Credentials
A sophisticated credential harvesting campaign has emerged targeting ScreenConnect cloud administrators with spear phishing attacks designed to steal super administrator credentials. The ongoing operation, designated MCTO3030, has maintained consistent tactics since 2022 while operating largely undetected through low-volume distribution strategies that send up to 1,000 emails per campaign run. The campaign specifically targets senior IT […]
The post New Attack Targeting ScreenConnect Cloud Administrators to Steal Login Credentials appeared first on Cyber Security News.
CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. Organizations are urged to patch immediately.
Background
On August 26, Citrix published a security advisory for three vulnerabilities, including CVE-2025-7775, a zero-day vulnerability which has been exploited against its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances:
| CVE | Description | CVSSv4 |
| --- | --- | --- |
| CVE-2025-7775 | Citrix NetScaler ADC and Gateway Unauthenticated Remote Code Execution (RCE) and Denial of Service (DoS) Vulnerability | 9.2 |
| CVE-2025-7776 | Citrix NetScaler ADC and Gateway DoS Vulnerability | 8.8 |
| CVE-2025-8424 | Citrix NetScaler ADC and Gateway Improper Access Control Vulnerability | 8.7 |

Analysis
CVE-2025-7775 is an RCE vulnerability affecting NetScaler ADC and Gateway appliances. An unauthenticated attacker could exploit this vulnerability to execute arbitrary code or cause a DoS condition on an affected device. According to the security advisory from Citrix, exploitation has been observed prior to the advisory and patches being made public.
While Citrix only confirmed exploitation of CVE-2025-7775, two additional vulnerabilities were patched as part of the same security advisory.
CVE-2025-7776 is a DoS vulnerability affecting NetScaler ADC and Gateway appliances. An authenticated attacker can trigger a memory overflow vulnerability in order to cause a DoS condition on an affected device. Devices that have been configured as a Gateway with a bounded PCoIP Profile are affected by this vulnerability.
CVE-2025-8424 is an improper access control vulnerability affecting NetScaler ADC and Gateway appliances. While no privileges are required to exploit this vulnerability, an attacker would need access to “NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access” in order to take advantage of this flaw.
ADC and Gateway Historically Targeted by Attackers
Citrix’s NetScaler ADC and Gateway appliances have been a valuable target for attackers over the last several years. Vulnerabilities including CVE-2022-27518 and CVE-2019-19781 have been favored by attackers. This includes attacks from Chinese state-sponsored threat actors, Iranian-based threat actors, Russian state-sponsored threat groups as well as ransomware groups. Additionally, CVE-2019-19781 was featured as one of the Top 5 vulnerabilities in our 2020 Threat Landscape Retrospective report.
More recently, Citrix NetScaler ADC and Gateway have been targeted by vulnerabilities known as CitrixBleed and CitrixBleed 2. CVE-2023-4966, known as CitrixBleed, was first disclosed in October 2023 after it was discovered as being exploited as a zero-day. Attacks continued to ramp up and the flaw was widely exploited by multiple ransomware groups and additional threat actors. CVE-2025-5777, known as CitrixBleed 2, was disclosed in June of this year. Multiple security researchers and outlets reported that CitrixBleed 2 was also exploited as a zero-day.
Due to the historical exploitation against NetScaler ADC and Gateway appliances, we strongly urge organizations to patch CVE-2025-7775 as soon as possible.
Proof of concept
At the time this blog post was published, no public proof-of-concept (PoC) had been identified for any of these vulnerabilities. However, given the historical exploitation of Citrix NetScaler ADC and Gateway and the reported usage of CVE-2025-7775 as a zero-day, we anticipate that exploit code may become available soon.
Solution
Citrix has released patches for these vulnerabilities as outlined in the table below:

| Affected Product | Affected Version | Fixed Version |
| --- | --- | --- |
| NetScaler ADC and NetScaler Gateway | 13.1 before 13.1-59.22 | 13.1-59.22 and later releases of 13.1 |
| NetScaler ADC and NetScaler Gateway | 14.1 before 14.1-47.48 | 14.1-47.48 and later releases |
| NetScaler ADC | ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP | 13.1-37.241-FIPS and NDcPP and later releases |
| NetScaler ADC | 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP | 12.1-55.330-FIPS and NDcPP and later releases |

Note: NetScaler ADC and NetScaler Gateway version 12.1 and 13.0 are End Of Life (EOL). Customers are recommended to upgrade their appliances to a supported version that addresses these vulnerabilities.
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Additionally, customers can utilize Tenable Attack Surface Management to identify public facing NetScaler ADC and Gateway assets by using the following subscription:
Get more information
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
- Tenable Blog: Frequently Asked Questions for CitrixBleed (CVE-2023-4966)
- Tenable Blog: CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
Nevada State Offices Halt Services After Cyber Incident
Nevada officials are investigating a network security breach that forced state offices to suspend services and knocked key systems offline, including websites and phone lines, though emergency services remain active and no data exposure has been confirmed.
How ACI Worldwide Plans to Take APP Scams Head-On - Part 1
Real-time payments are set to boost global GDP by $285.8 billion and bring 167 million people into the financial system by 2028. ACI Worldwide says real-time fraud prevention is key to protecting these gains.
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the “ransome” command, these full-screen overlays embed HTML […]
The post New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.