It just never stops those Citrix vulnerabilities...
https://thecyberexpress.com/cve-2026-3055-citrix-netscaler-saml-idp/
#citrix #cybersecurity #cve

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data https://securityaffairs.com/190131/hacking/urgent-alert-netscaler-bug-cve-2026-3055-probed-by-attackers-could-leak-sensitive-data.html

⚠️ CVE-2026-3055 / Citrix NetScaler : la reconnaissance est en cours.

Des activités de reconnaissance ciblent déjà les appliances exposées, avec notamment des requêtes vers /cgi/GetAuthMethods pour identifier les configs exploitables, en particulier les environnements SAML IdP.
GBHackers relaie ces observations
👇
https://gbhackers.com/hackers-probe-citrix-netscaler-systems-cve-2026-3055-exploitation/

Côté exposition, ONYPHE recense plus de 18000 IP uniques sur une version vulnérable, (dont environ +800 en Suisse).
👇
https://www.linkedin.com/posts/onyphe_vulnerability-asm-attacksurfacemanagement-activity-7442250727046987776-ofYV

Le pattern rappelle clairement les précédents CitrixBleed : si du NetScaler est encore exposé, la fenêtre avant exploitation de masse pourrait être très courte.

#CyberVeille #CVE_2026_3055 #Citrix

la vulnérabilité est à considérer comme activement exploitée selon watchTowr.

ils ont publié une analyse technique détaillée de la faille, utile pour mieux comprendre le mécanisme d’exploitation
👇
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

Pour les équipes concernées, on n’est plus dans l’anticipation mais dans la réaction rapide.

#CyberVeille #Citrix #CVE_2026_3055

March 28, 2026

Cyber Operations

European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.

FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.

CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.

Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.

Information Operations & Foreign Influence

DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.

Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.

Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.

Espionage

UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.

Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.

U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.

Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.
#Ransier_Sentinel

https://thecybermind.co/2026/03/29/threat-intelligence-cve-2025-53521/?utm_source=mastodon&utm_medium=jetpack_social

Critical alert: Attackers are actively exploiting a remote code execution vulnerability in BIG-IP APM systems (CVE-2025-53521). Financial services, government, and public sector organizations are targeted. Understand the threat landscape and essential defensive measures.

https://captechgroup.com/about-us/threat-intelligence-center/rce-vulnerability-in-big-ip-apm-systems-cve-2025-5-98cd5c

March 28, 2026

Cyber Operations

European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.

FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.

CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.

Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.

Information Operations & Foreign Influence

DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.

Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.

Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.

Espionage

UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.

Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.

U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.

Hui, CVE für einen Wago Switch mit CVSS 10.0: An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Bingo!

FTR: CVE-2026-3587

CVE-2025-1727 makes trains go brrrrrrrrrrrt

Eingleisübung wann?

CVE-2026-4438 reminds me of that time I discovered BIND's "check-names no" and found out that "freenode/staff/foo.example.com" was a valid rDNS entry according to the ircd

⚠️ CVE-2026-4176 (HIGH): Perl Compress::Raw::Zlib uses a vulnerable zlib, risking memory corruption or code execution. Affects 5.9.4 – 5.43.0. Update to Compress::Raw::Zlib 2.221+ ASAP! https://radar.offseq.com/threat/cve-2026-4176-cwe-1395-dependency-on-vulnerable-th-556b643e #OffSeq #Perl #Vuln #SysAdmin