CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe | CyberScoop<\/title> <meta name=\"description\" content=\"The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/citrixbleed2-exploits-spread\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe\"> <meta property=\"og:description\" content=\"The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/citrixbleed2-exploits-spread\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-14T21:46:39+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-14T21:46:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1752075323g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85172\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85172\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcitrixbleed2-exploits-spread%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcitrixbleed2-exploits-spread%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85172 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/citrixbleed2-exploits-spread\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.568725099602\">\n<div class=\"single-article__header-content\" readability=\"36.545045045045\">\n<p> The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85172\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Citrix offices, California\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Citrix offices in Santa Clara, California. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"57.707235142119\"><body readability=\"118.12871287129\"><\/p>\n<p>Authorities and researchers are intensifying warnings about active exploitation and pervasive scanning of a critical vulnerability affecting multiple versions of Citrix NetScaler products.<\/p>\n<p>There is now widespread agreement among security professionals that the critical vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5777\">CVE-2025-5777<\/a>, which <a href=\"https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX693420\">Citrix disclosed June 17<\/a>, is serious and harkens back to a 2023 defect in the same products: \u201c<a href=\"https:\/\/cyberscoop.com\/lockbit-boeing-ransomware-com\/\">CitrixBleed<\/a>,\u201d or <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-4966\">CVE-2023-4966<\/a>. Naturally, threat hunters are scrambling to assess and stop the strikingly similar challenges summoned by exploits of the newest CVE. <\/p>\n<p>For some Citrix customers, the warnings are too late. Vulnerability scans confirm active exploits occurred within a week of disclosure, and attackers have been swarming, hunting for exposed instances of the impacted devices since exploit details were publicly released earlier this month. <\/p>\n<p>\u201cThis vulnerability in Citrix NetScaler ADC and Gateway systems, also referred to as CitrixBleed 2, poses a significant, unacceptable risk to the security of the federal civilian enterprise,\u201d Chris Butera, acting executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said in a statement. CISA added the exploit to its <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/10\/cisa-adds-one-known-exploited-vulnerability-catalog\">known exploited vulnerabilities catalog<\/a> on July 10.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAs America\u2019s cyber defense agency and the operational lead for federal civilian cybersecurity, CISA is taking urgent action by directing agencies to patch within 24 hours and we encourage all organizations to patch right away,\u201d Butera added. The agency typically requires agencies to resolve \u201chigh risk\u201d vulnerabilities within 30 days and \u201ccritical risk\u201d vulnerabilities within 15 days.<\/p>\n<p>The pre-authentication remote memory disclosure vulnerability, which has a CVSS score of 9.3, has been increasingly targeted for attacks globally. Imperva researchers on Friday said they\u2019ve observed <a href=\"https:\/\/www.imperva.com\/blog\/cve-2025-5777-exposes-citrix-netscaler-to-dangerous-memory-leak-attacks\/\">more than 11.5 million attack attempts<\/a> targeting thousands of sites since the exploit was disclosed. <\/p>\n<p>\u201cAttackers appear to be scanning extensively for exposed instances and attempting to exploit the memory-leak vulnerability to harvest sensitive data,\u201d Imperva researchers said in a blog post.<\/p>\n<p>Nearly 2 in 5 attack attempts have targeted sites in the financial services industry and 3 in 5 of those targeted sites are based in the United States, according to Imperva.<\/p>\n<p>GreyNoise scans have <a href=\"https:\/\/viz.greynoise.io\/tags\/citrixbleed-2-cve-2025-5777-attempt?days=90\">observed 22 unique malicious IPs<\/a> attempting to exploit CVE-2025-5777 thus far. The first malicious IP was observed June 23 and a spike of 11 unique malicious IPs was observed Friday. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cI haven\u2019t seen any attrition yet. This could be as bad or even worse than CitrixBleed,\u201d Dustin Childs, head of threat awareness at Trend Micro\u2019s Zero Day Initiative, told CyberScoop. \u201cThe attack is very repeatable and those systems rarely have network monitoring. They also aren\u2019t regularly updated, so patching them may be an issue.\u201d<\/p>\n<p>The number of Citrix customers already impacted remains unknown and victims have yet to come forward. <\/p>\n<p>\u201cA lot of the attacks seem opportunistic, so there are likely multiple threat actors using the bug,\u201d Childs said.<\/p>\n<p>Citrix maintains there was no evidence of active exploitation when it disclosed the vulnerability. The vendor hasn\u2019t shared much publicly in almost three weeks, other than an <a href=\"https:\/\/www.netscaler.com\/blog\/news\/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777\/\">update in a June 26 blog post<\/a> noting that CISA was aware of evidence of active exploitation. The company did not respond to a request for comment.<\/p>\n<p>In the June blog post, Anil Shetty, senior vice president of engineering at NetScaler, disputed comparisons between CVE-2025-5777 and CVE-2023-4966. \u201cWhile the vulnerabilities share some characteristics, Cloud Software Group has found no evidence to indicate that they are related,\u201d Shetty wrote. Cloud Software Group is the parent company of Citrix.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers are also leveling criticism at Citrix for the relative ease by which an attacker can compromise a vulnerable instance of Citrix NetScaler with just a few requests. <\/p>\n<p>\u2018\u201cThe term \u201cCitrixBleed\u2019 is used because the memory leak can be triggered repeatedly by sending the same payload, with each attempt leaking a new chunk of stack memory \u2014 effectively bleeding sensitive information,\u201d Akamai Security Intelligence Group said in a <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/mitigating-citrixbleed-memory-vulnerability-ase\">blog post<\/a>.<\/p>\n<p>Akamai researchers described the root cause of the vulnerability as \u201can uninitialized login variable, combined with improper memory handling, lack of input validation and missing error handling in Citrix NetScaler\u2019s authentication logic.\u201d<\/p>\n<p>Zach Edwards, an independent cybersecurity researcher, told CyberScoop that CVE-2025-5777 and CVE-2023-4966 are \u201cextremely similar,\u201d aside from subtle differences in the versions of NetScaler impacted.<\/p>\n<p>\u201cThe fact that these pre-authentication vulnerabilities keep coming up, which can facilitate complete compromises, is disappointing to see,\u201d Edwards said. \u201cIt\u2019s unclear how these significant vulnerabilities keep making their way through development processes, but Citrix clients, especially in the government and enterprise sectors, should be demanding more and requiring additional public context about the steps Citrix takes to test its software prior to a release.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.2771739130435\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/citrixbleed2-exploits-spread\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CitrixBleed 2 beckons sweeping alarm as exploits spread across the<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1209,4133,4572,1765,282,78,452,2659,4357,4573,4485,256,288,3172,643,2281],"tags":[668,4137,4574,1770,286,86,454,2661,4359,4575,4486,262,294,3174,645,2283],"class_list":["post-7799","post","type-post","status-publish","format-standard","hentry","category-cisa","category-citrix","category-citrixbleed","category-cve","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-exploit","category-greynoise","category-imperva","category-netscaler","category-research","category-threats","category-trend-micro","category-vulnerabilities","category-vulnerability","tag-cisa","tag-citrix","tag-citrixbleed","tag-cve","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-exploit","tag-greynoise","tag-imperva","tag-netscaler","tag-research","tag-threats","tag-trend-micro","tag-vulnerabilities","tag-vulnerability"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/citrix\/\" rel=\"category tag\">Citrix<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/citrixbleed\/\" rel=\"category tag\">CitrixBleed<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/greynoise\/\" rel=\"category tag\">greynoise<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/imperva\/\" rel=\"category tag\">Imperva<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/netscaler\/\" rel=\"category tag\">NetScaler<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trend-micro\/\" rel=\"category tag\">Trend Micro<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a>","tag_info":"vulnerability","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7799"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7799\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7799,"date":"2025-07-14T16:46:39","date_gmt":"2025-07-14T21:46:39","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85172"},"modified":"2025-07-14T16:46:39","modified_gmt":"2025-07-14T21:46:39","slug":"citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/14\/citrixbleed-2-beckons-sweeping-alarm-as-exploits-spread-across-the-globe\/","title":{"rendered":"CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe"},"content":{"rendered":"