🚨 CVE-2026-3055 (CVSS 9.3), a unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw

Vulnerability detection script available here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-3055.yaml

Patches are available as per Citrix's advisory:
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

➡️ CVE-2026-3055 👀
👇
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

• CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
  Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

  • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable CVE-2026-4368.

( -> https://cve.circl.lu/search?q=CVE-2026-3055 )

#cyberveille #CVE_2026_3055 #infosec

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

https://vulnerability.circl.lu/bundle/1ae9c3df-c65f-4755-b3a9-4d76f8c0e772

#Citrix Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of #CitrixBleed!

Defenders need to act quickly. Patch Now!
👇
https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

📰 URGENT: Oracle Patches Critical 9.8 CVSS Unauthenticated RCE Flaw

📢 URGENT PATCH: Oracle has issued an emergency fix for CVE-2026-21992, a critical 9.8 CVSS unauthenticated RCE flaw in Identity Manager. Unpatched systems can be fully compromised. Patch immediately! 🚨 #Oracle #CyberSecurity #RCE #PatchNow

🔗 https://cyber.netsecops.io/articles/oracle-issues-emergency-patch-for-critical-rce-flaw-cve-2026-21992/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. https://www.securityweek.com/oracle-releases-emergency-patch-for-critical-identity-manager-vulnerability/

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html

Short summary: https://hackerworkspace.com/article/hackers-exploit-cve-2025-32975-cvss-10-0-to-hijack-unpatched-quest-kace-sma-systems

#cybersecurity #vulnerability #exploit

📰 Warning: Critical 10.0 CVSS Quest KACE Flaw from 2025 Now Actively Exploited

🔥 ACTIVE EXPLOITATION: A year-old, 10.0 CVSS flaw in Quest KACE SMA (CVE-2025-32975) is now being actively exploited. Attackers are gaining full admin control, deploying Mimikatz, and moving laterally. Patch and isolate from the internet NOW! #CVE

🔗 https://cyber.netsecops.io/articles/old-quest-kace-vulnerability-cve-2025-32975-actively-exploited/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

➡️ CVE-2026-3055 👀
👇
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

• CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
  Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

  • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable CVE-2026-4368.

( -> https://cve.circl.lu/search?q=CVE-2026-3055 )

#cyberveille #CVE_2026_3055 #infosec

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

https://vulnerability.circl.lu/bundle/1ae9c3df-c65f-4755-b3a9-4d76f8c0e772

#Citrix Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of #CitrixBleed!

Defenders need to act quickly. Patch Now!
👇
https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

There has been a lot of sloppy reporting regarding DarkSword, with basically every news outlet saying that iOS 18 is vulnerable. It’s not, if you have the latest 18.7.3.

Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

#iOS #DarkSword

@peternlewis sloppy reporting, as usual.

Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

Unfortunately it looks like CVE-2025-43520 was patched in iOS 26.1b4, the exact build I happened to leave my test device on...

I might play around with it on my Mac or in one of the new iOS pccvre VMs though.

Critical patch alert: The US government has ordered a maximum severity patch for a Cisco vulnerability (CVE-2026-20131) that's being exploited in ransomware campaigns.

Read more: https://steelefortress.com/86cy1e

#Encryption #ThreatIntel #Security #DataPrivacy #CyberDefense

Notepad++ 8.9.3 mit einigen Korrekturen und einer berbesserten SIcherheit für cURL (CVE-2025-14819)

https://www.deskmodder.de/blog/2026/03/24/notepad-8-9-3-mit-einigen-korrekturen-und-einer-berbesserten-sicherheit-fuer-curl-cve-2025-14819/

Global cybersecurity alerts include active exploitation of Chrome Zero-Days (CVE-2026-3909/3910) and a Quest KACE SMA flaw for credential harvesting. Advanced threats like Android haptic keyloggers and deepfake identity fraud are emerging. Geopolitically, Persian Gulf tensions remain high, while the US announced a new cyber strategy to defend companies from foreign adversaries. In tech, NVIDIA Nemotron 3 Super is now on Amazon Bedrock.

#Cybersecurity #GeopoliticalNews #TechBrief

🚨 In this week’s threat alert, CrowdSec reports on CVE-2026-1207, a critical Django SQL injection vulnerability now actively exploited in the wild. Attackers are targeting GeoDjango setups using PostGIS with focused reconnaissance. Notably, this vulnerability hasn’t yet been added to the CISA KEV catalog.

Learn how the vulnerability works and how to secure your systems in our latest article: https://www.crowdsec.net/vulntracking-report/cve-2026-1207

Dios mio! While researching a particular type of Colombian folk music, we stumbled across a .edu domain selling... accordions? Our first thought was potentially domain hijacking, but it appears to be more likely an exploitation of CVE-2026-27210 (TLDR; cross-site scripting). While the vulnerability has been patched in the plugin itself, not all pages have updated their plugins, and search engines have already indexed the poisoned pages! Pivoting led to 50+ additional domains found spread across three risky TLDs: .sbs, .pics, and .shop. The domains on .sbs and .pics appear to be config servers to exploit the vulnerability; the domains on .shop are the landing pages where victims can be scammed.

IOCs:
000o[.]sbs,0pen[.]sbs,123buys[.]shop,123me[.]shop,1bg[.]pics,1ki[.]pics,1mage[.]sbs,1ql[.]pics,1ty[.]pics,1vi[.]pics,1wr[.]pics,2ty[.]pics,569oagri[.]shop,66buys[.]shop,6ip[.]pics,6ym[.]pics,7rt[.]pics,8pi[.]pics,99buys[.]shop,99i[.]pics,9gwe[.]shop,a25n[.]shop,bk2[.]pics,bk59t[.]shop,buysok[.]shop,c68k[.]shop,cc1[.]pics,doo[.]pics,ep7[.]pics,estore-1[.]com,g9gvv[.]sbs,gaer896[.]shop,gm5[.]pics,gosok[.]shop,gt3[.]pics,h66p[.]shop,hh6[.]pics,iilvw[.]sbs,im9[.]pics,img1[.]sbs,in6[.]pics,jj3[.]pics,kk9[.]pics,lilil[.]sbs,llvvw[.]sbs,m66p6[.]shop,mebuys[.]shop,mg6[.]pics,mh8f6k[.]shop,mkk[.]pics,ms1[.]pics,nn6[.]pics,onsgs[.]com,p6[.]pics,p888p[.]shop,pan1[.]top,pic1[.]sbs,pic2[.]sbs,pt11[.]sbs,py3y[.]com,qq1[.]pics,rey89p[.]shop,shop56[.]shop,t88t8[.]shop,tp1[.]pics,tp9[.]pics,trues[.]sbs,up9[.]pics,upimg[.]sbs,uu2[.]pics,vt5[.]pics,vteyu[.]shop,vvf1[.]sbs,vvp1[.]sbs,w2w[.]pics,w88p[.]shop,wp59q[.]shop,wvlll[.]sbs,wvv1[.]sbs,wvvvv[.]sbs,x2p[.]pics,xyaer548[.]shop,yi1[.]pics

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #seo_poisoning #seopoisoning