CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk.
Hackers are exploiting a critical vulnerability affecting a popular line of networking appliances, according to researchers and federal cyber defenders.
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch CVE-2026-3055 by Thursday after incident responders began reporting exploitation over the weekend.
CVE-2026-3055 impacts Citrix NetScaler application delivery controllers (ADC) — tools that large organizations use to manage traffic and authentication. The specific part affected by the bug — the NetScaler Gateway — serves as the front door for users connecting to an organization's environment.
Source: https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
Related breach coverage
- CISA orders federal agencies to patch exploited SolarWinds bug by Friday2026-02-03
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks.
- U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs2026-04-08
U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity […]
- CISA shortens patch deadline for critical Ivanti, SolarWinds bugs2026-03-10
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk.
- Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)2026-04-25
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to upload files to a server without authentication. The vulnerability has already been used in […]