Citrix is a organization tracked across 39 threat clusters and 49 intelligence report mentions on ThreatCluster. First observed October 30, 2025; most recent activity July 5, 2026.
An advanced persistent threat actor exploited zero-day vulnerabilities in Cisco Identity Service Engine and Citrix NetScaler products. The attacks utilized custom malware and were detected by Amazon's MadPot honeypot…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
In February 2024, Change Healthcare suffered a ransomware attack attributed to the ALPHV group, impacting approximately 190 million individuals, making it the largest medical data breach in U.S. history. The attack…
Citrix NetScaler ADC and Gateway are affected by CVE-2026-3055, a critical vulnerability due to insufficient input validation during SAML authentication, leading to memory overread. Exploitation attempts have surged,…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
Citrix disclosed six high-severity vulnerabilities in NetScaler ADC and Gateway appliances, including CVE-2026-8451, which allows unauthenticated memory disclosure when configured as a SAML identity provider. Other…
Cloud Software Group has identified and patched two critical vulnerabilities in Citrix NetScaler ADC and Gateway products. The vulnerabilities, tracked as CVE-2026-3055, allow unauthenticated remote attackers to exploit…
Two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild, allowing unauthenticated remote code execution (RCE) with a CVSS score…
Initial access brokers (IABs) are specialized cybercriminals who gain unauthorized access to corporate networks and sell that access to other threat actors. They exploit vulnerabilities in systems, such as VPNs and RDP,…
On April 17, 2026, hackers publicly released data stolen from Standard Bank, following a breach disclosed on March 23, 2026. The breach involved unauthorized access to internal systems, exposing client records such as…