CitrixBleed 2 - SparTech Software

Critical Security Alert: Over 3,000 NetScaler Devices Remain Vulnerable to CitrixBleed 2 Exploit.

A significant cybersecurity crisis continues to unfold as over 3,000 Citrix NetScaler devices remain unpatched against a critical vulnerability known as CitrixBleed 2. This alarming situation has prompted urgent warnings from cybersecurity agencies and researchers worldwide, as attackers actively exploit the flaw to gain unauthorized access to corporate and government networks.

Spartech Software August 12, 2025

Cybersecurity News

Over 100 organizations have been comprised and thousands of systems remain vulnerable to CitrixBleed2.

CitrixBleed 2 has led to successful cyberattacks on more than 100 organizations, but according to cybersecurity researchers and U.S. federal agencies, thousands of internet-facing NetScaler appliances are still unpatched and exposed to active exploitation.

Spartech Software July 18, 2025

Cybersecurity News

CISA confirms active exploitation of CitrixBleed 2 – gives Feds 1 day to patch.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has confirmed that the critical CitrixBleed 2 vulnerability (CVE-2025-5777) is under active exploitation. This flaw affects Citrix NetScaler ADC and Gateway devices, which are widely deployed by enterprises for secure application delivery and remote access.

Spartech Software July 12, 2025

Cybersecurity News

Researchers release technical details and a previously withheld detection script that can identify exploitation of Citrix Bleed 2 vulnerability.

Security researchers at WatchTowr have published comprehensive technical details and a detection script to help organizations identify exploitation attempts targeting the recently disclosed CitrixBleed 2 vulnerability (CVE-2025-5777). This critical security flaw affects Citrix NetScaler ADC and Gateway devices and has raised significant concerns across the cybersecurity community due to its potential to expose sensitive information.

Spartech Software July 7, 2025

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC