The Canadian government cyber centre are this weekend recommending all orgs review historic logs for #CitrixBleed2 compromise, and reset all user sessions https://www.cyber.gc.ca/en/alerts-advisories/vulnerabilities-impacting-citrix-netscaler-adc-netscaler-gateway-cve-2025-5349-cve-2025-5777-cve-2025-6543
The Dutch Public Prosecution Service (OM), which took their systems offline due to #CitrixBleed2 on Friday, are saying they will be offline for weeks. https://nos.nl/artikel/2575857 HT @moartn@tacobelllabs.net
There's a bit more on the situation at the OM on Netscaler here: https://www.volkskrant.nl/binnenland/openbaar-ministerie-mogelijk-nog-weken-afgesloten-van-internet-probeert-impact-op-rechtszaken-te-beperken~b6e19434/
The OM say they patched quickly (and my scan data backs this up - they patched around June 24th) however it appears somebody got in (or took a session cookie) before patching took place and now they're trying to contain the situation.
The NCSC are strongly advising orgs to follow the advice on my blog re #CitrixBleed2, in hindsight I probably shouldn't have drawn the logo in MSPaint and titled a section "China goes brrrr".
I think this thread exposes something about the cybersecurity industry and org posture btw - it almost all runs on Windows and EDR telemetry, hence why there's little info on this from vendors (Netscaler is closed box appliance - they're flying blind) and why orgs aren't seeing anything, they don't know how without vendors.
I keep contacting orgs and they have no idea they are compromised or how to investigate.
#CitrixBleed2
The Dutch Public Prosecution Service #CitrixBleed2 incident rolls on - NRC report on an email from the Director of their IT service, where they say "It is clear that it's a massive and dramatic incident".
https://www.nrc.nl/nieuws/2025/07/22/digitale-werkomgeving-om-inderdaad-gehackt-onderzoek-moet-uitwijzen-welke-informatie-is-gestolen-a4901019
The Dutch Public Prosecution Service Citrix Netscaler incident is rumbling on. They are working on service recovery.
https://www.databreachtoday.com/dutch-prosecutors-recover-from-suspected-russian-hack-a-29129
#CitrixBleed2
I've updated my CitrixBleed2 scan results for the first time in two weeks (I've been on holiday).
https://raw.githubusercontent.com/GossiTheDog/scanning/refs/heads/main/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt
2637 orgs still vuln