Brutkey

Kevin Beaumont
@GossiTheDog@cyberplace.social

Citrix on this one:

"At this time, there have been no reports or indications that the vulnerabilities described in CTX693420 (CVE-2025-5349 and CVE-2025-5777) are being actively exploited in the wild. However, due to the critical severity of these issues (CVSS scores of 8.7 and 9.3), we strongly recommend that affected customers apply the updated patches immediately to mitigate any potential risks."

Kevin Beaumont
@GossiTheDog@cyberplace.social

NHS Digital's cyber alert database has been updated too. https://digital.nhs.uk/cyber-alerts/2025/cc-4670

I highly recommend bookmarking this site for the alerts, they're really good at filtering noise:

https://digital.nhs.uk/cyber-alerts

E.g. if you select the 'high' category, there's only one a month on average.

Kevin Beaumont
@GossiTheDog@cyberplace.social

A bit more on this. https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/

Kevin Beaumont
@GossiTheDog@cyberplace.social

TCS have told shareholders their systems were not compromised in the hack of M&S.

As an explainer here (not in the article): TCS IT systems weren't compromised. Their helpdesk service (they're AD admins at M&S) was used to gain access to M&S. They manage M&S IT systems.
https://www.reuters.com/business/media-telecom/indias-tcs-says-none-its-systems-were-compromised-ms-hack-2025-06-19/

Kevin Beaumont
@GossiTheDog@cyberplace.social

Latest Marks and Spencer update is pretty crazy.

M&S haven't been able to supply sales data - so the British Retail Consortium (BRC) - used by the UK government as an economic indicator - basically made up figures for M&S and didn't tell people they had done this.

https://www.telegraph.co.uk/business/2025/06/24/retail-lobby-group-accused-of-ms-cyber-cover-up/

Kevin Beaumont
@GossiTheDog@cyberplace.social

Worth noting that every write up says this vuln applies to the management interface - but that isn’t true, it’s because the initial CVE entry was wrong, and nobody does CVE entry updates in write ups.

Kevin Beaumont
@GossiTheDog@cyberplace.social

An update on CVE-2025-5777, explaining why orgs should identify systems and patch.

https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206

Kevin Beaumont
@GossiTheDog@cyberplace.social

Citrix Netscaler customers - keep calm and patch CVE-2025-5777 from Tuesday.

It allows unauth memory reads, has similarities to CitrixBleed (CVE-2023-4966) as may allow session token theft.
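
The post above says the bug may allow session token theft, as CitrixBleed did. A stolen token is replayed from the attacker's own machine, so one session id turning up from more than one source IP within a short window is a practical hunting signal for defenders. The script below is an added example (not Kevin Beaumont's code, not Citrix's, and not tied to any real NetScaler log format); the log layout, field names and sample lines are constructed for the illustration.

```python
"""Flag web sessions whose token is used from more than one client IP.

Added example for the session-hijack pattern discussed above. Everything
here is constructed: the log format is "<ISO timestamp> <src_ip>
<session_id> <user_agent>", and the six sample lines are invented.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: sess-aaa111 is used from a second IP (and a
# different client) three minutes after the legitimate user; sess-bbb222
# is used from a second IP, but six and a half hours later.
SAMPLE_LOG = """\
2025-06-25T09:00:01Z 203.0.113.10 sess-aaa111 Mozilla/5.0 (Windows NT 10.0)
2025-06-25T09:00:45Z 203.0.113.10 sess-aaa111 Mozilla/5.0 (Windows NT 10.0)
2025-06-25T09:03:12Z 198.51.100.7 sess-aaa111 curl/8.4.0
2025-06-25T09:05:00Z 192.0.2.55 sess-bbb222 Mozilla/5.0 (Macintosh)
2025-06-25T09:06:30Z 192.0.2.55 sess-bbb222 Mozilla/5.0 (Macintosh)
2025-06-25T15:40:00Z 198.51.100.9 sess-bbb222 Mozilla/5.0 (Macintosh)
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, session_id, user_agent)."""
    ts, ip, sid, ua = line.split(" ", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, sid, ua


def find_shared_sessions(log_text, window=timedelta(minutes=30)):
    """Return {session_id: sorted distinct IPs} for every session that was
    used from two different source IPs within `window` of each other.

    Pairs of events further apart than `window` are ignored, so a user who
    reconnects from home in the evening does not trip the rule by default.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, sid, ua = parse_line(line)
            events[sid].append((ts, ip, ua))

    flagged = {}
    for sid, evs in events.items():
        evs.sort(key=lambda e: e[0])
        ips = set()
        # Small inputs, so an O(n^2) scan per session is fine here.
        for i, (ts, ip, _ua) in enumerate(evs):
            for prev_ts, prev_ip, _prev_ua in evs[:i]:
                if prev_ip != ip and ts - prev_ts <= window:
                    ips.update((ip, prev_ip))
        if ips:
            flagged[sid] = sorted(ips)
    return flagged


if __name__ == "__main__":
    for sid, ips in find_shared_sessions(SAMPLE_LOG).items():
        print(f"{sid}: used from {', '.join(ips)} within 30 minutes")
```

The default 30-minute window only flags sess-aaa111; widening it to 12 hours also catches sess-bbb222. Tune the window to your environment, and expect benign hits from carrier NAT, VPN roaming and mobile users, so treat a match as a lead to investigate rather than proof of theft.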

Kevin Beaumont
@GossiTheDog@cyberplace.social

M&S still have no recruitment system, two months in.

Kevin Beaumont
@GossiTheDog@cyberplace.social

Signal have rolled out an update to all users that stops Microsoft Recall from capturing Signal conversations.

I’ve tested this and it works. Brilliant work by the @signalapp@mastodon.world team. 💪💪

They call on Microsoft to build better, as there was no standardised way as an app developer to do this. Because Signal is open source, now app developers have a template to protect their users from Windows.

https://signal.org/blog/signal-doesnt-recall/

Kevin Beaumont
@GossiTheDog@cyberplace.social

I found an interesting Microsoft Recall issue with the latest version - Recall is enabled on my PC, but the tray icon (bottom right) saying it is running is missing.

Edit: after a reboot, it's back. I'll keep an eye on it. After the latest Windows Update the UI wasn't visible, but it was still recording.