Brutkey

Kevin Beaumont
@GossiTheDog@cyberplace.social

There’s a bit more in situation at the OM on Netscaler here: https://www.volkskrant.nl/binnenland/openbaar-ministerie-mogelijk-nog-weken-afgesloten-van-internet-probeert-impact-op-rechtszaken-te-beperken~b6e19434/

The OM say they patched quickly (and my scan data backs this up - they patched around June 24th) however it appears somebody got in (or took a session cookie) before patching took place and now they’re trying to contain the situation.

Kevin Beaumont
@GossiTheDog@cyberplace.social

The NCSC are strongly advising orgs to follow the advice on my blog re #CitrixBleed2, in hindsight I probably shouldn’t have drawn the logo in MSPaint and titled a section β€œChina goes brrrr”.

Kevin Beaumont
@GossiTheDog@cyberplace.social

I think this thread exposes something about the cybersecurity industry and org posture btw - it almost all runs on Windows and EDR telemetry, hence why there’s little info on this from vendors (Netscaler is closed box appliance - they’re flying blind) and why orgs aren’t seeing anything, they don’t know how without vendors.

I keep contacting orgs and they have no idea they are compromised or how to investigate.

#CitrixBleed2

Kevin Beaumont
@GossiTheDog@cyberplace.social

The Dutch Public Prosecution Service #CitrixBleed2 incident rolls on - NRC report on an email from the Director of their IT service, where they say β€œIt is clear that it’s a massive and dramatic incident”.

https://www.nrc.nl/nieuws/2025/07/22/digitale-werkomgeving-om-inderdaad-gehackt-onderzoek-moet-uitwijzen-welke-informatie-is-gestolen-a4901019

Kevin Beaumont
@GossiTheDog@cyberplace.social

The Dutch Public Prosecution Service Citrix Netscaler incident is rumbling on. They are working on service recovery.

https://www.databreachtoday.com/dutch-prosecutors-recover-from-suspected-russian-hack-a-29129

#CitrixBleed2

Kevin Beaumont
@GossiTheDog@cyberplace.social

I've updated my CitrixBleed2 scan results for the first time in two weeks (I've been on holiday).

https://raw.githubusercontent.com/GossiTheDog/scanning/refs/heads/main/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt

2637 orgs still vuln