By the end of yesterday, federal agencies should all have patched. But did they? And how many others have yet to patch?
Bill Toulas reports:
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.
Such a short deadline for installing the patches is unprecedented since CISA released the Known Exploited Vulnerabilities (KEV) catalog, showing the severity of the attacks exploiting the security issue.
The agency added the flaw to its Known Exploited Vulnerabilities (KEV) catalog yesterday, ordering federal agencies to implement mitigations by the end of today, June 11 (sic).
Read more at Bleeping Computer.